last executing test programs:

3m16.616786241s ago: executing program 3 (id=427):
syz_open_dev$hidraw(&(0x7f0000000080), 0x0, 0x418000)
r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000090000082502000000000000000109025c00020100f92a0904000001020900000524060001053408fa6e0d240f0100000000000d000a0006471a010000190581"], 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_disconnect(r0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201080083667d1040206402d14e01020301090212000e00000000090400000090f19c00"], 0x0)

3m14.161384728s ago: executing program 3 (id=440):
creat(&(0x7f0000001380)='./file0\x00', 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000040)={0x3}, 0x4)
bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r0, 0x4)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000000)='X', 0x1, 0x4000000, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0)
getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000100)={0x0, 0x7}, &(0x7f0000000140)=0x8)

3m13.236807519s ago: executing program 3 (id=449):
r0 = socket(0x10, 0x803, 0x0)
sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f0000003480)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000200)=""/163, 0xa3}, {&(0x7f0000000100)=""/248, 0xf8}, {&(0x7f0000000780)=""/239, 0xef}, {&(0x7f0000000880)=""/4096, 0x1000}, {&(0x7f0000000040)=""/55, 0x37}, {&(0x7f0000000500)=""/197, 0xc5}, {&(0x7f00000002c0)=""/125, 0x7d}, {&(0x7f0000000600)=""/225, 0xe1}], 0x8}, 0xa}, {{0x0, 0x0, 0x0}, 0x1}], 0x4000104, 0x40002100, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000200)='fuseblk\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r2, &(0x7f0000000080)=ANY=[], 0x10448)
sendmsg$NFULNL_MSG_CONFIG(r2, &(0x7f0000000340)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="38000000010401010000000000000000070000020a0002000000000600000000080004400000dfeb05000100030000000500010002000000a78086eb2316536383f9333580961a7632"], 0x38}, 0x1, 0x0, 0x0, 0x8001}, 0x44000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r2, 0x0)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x141142, 0x0)
llistxattr(0x0, 0x0, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = syz_kvm_setup_syzos_vm$x86(r4, &(0x7f00001ad000/0x400000)=nil)
r6 = syz_kvm_add_vcpu$x86(r5, &(0x7f0000000180)={0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="01000000000000005100000000000000b9800000c00f000f"], 0x51})
ioctl$KVM_RUN(r6, 0xae80, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x1b, 0x0, &(0x7f0000000180))

3m13.170920922s ago: executing program 3 (id=450):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f0000000f00)={0x7, @output={0x0, 0x1, {0x7, 0x7}, 0x8de, 0x6ed8}})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0x10, 0x1, 0x3, "bc57499e007105bf0000000100000000e40300", 0x4f565559})
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'vcan0\x00', <r4=>0x0})
sendmsg(0xffffffffffffffff, &(0x7f0000001140)={&(0x7f00000010c0)=@can={0x1d, r4}, 0x80, &(0x7f0000001040)=[{&(0x7f00000011c0)="a86fd2c19dd2394d725e62627174a21ba98649121d8c393e6188b2b4a1258c241c9c8755c49d2ef67dcd1882806c519309d4becc86202a00fa04a5b499ebb70da3e7caa54d458ef5be1f40a9ae639a288476d82d7f01aa54e98146372ecfbddf5e1fc42f40e32d229211e210f9", 0x6d}, {&(0x7f00000012c0)="ed789931d15b362ec4644fae1de0be78cde68c383e45c007892aab84b9ae4db6fbb5bf5586bc13c7fd5bf8ddc60c38d84c4c008208138b7f0d31ef41424876d1d129cba6a96a23b750a2123306", 0x4d}], 0x2}, 0x2400c040)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
setsockopt(r2, 0x2, 0x5, &(0x7f0000000240)="d8089b40933c16447a5a0815760c147da363dcbc284bc1ce3233a27866051c27fc1af633384c5215bc6c0e38693ed1b4419cbbb8c444479f66d28af46a900121bf5a539bac8cc7c9d1687dbb9d5850642f4640041962229c9031560da0d8b55c6e42fdb8eed137ced16e15aba3b1bcabbcaf1e8bed9aa61dbe974b57b73dc16e29a4eb4296b8e771a44819610e18ed65d8c1302c5daff53bc36b31b8df65a3c7d2c83976e9e34de190fb4ddc3eef4a3c4dc0d8558854e955a4c1612e9a707b14d51825c2a55d94c4e71a750fe2b988989a25eca56d2f2e63bbfdfde19d2a5a466f63c968a51889a5af3bc4dff1af682917f64b3b6513df28b18e7e214544dfb3635bbe217c574bf2e814e962cc06a5b3d645f076d90edca7de8da7ee82528e86641d591a175470bbed189d926831dc0749c2943b682d3f6b0d92b65dc69928aabbe966052446ce690391ff0dbbe8d726c508e98741b8adc4e177be00c83c6c3f1a52bccca925b73cd31851e9d5a4c05d79ec0b16ebda5fe7babbcfc54a0ba4352b9553be16fe07db6e841056e1724e40a9f365d81a841597104500858396d7a81a7a91ab5339000bbab0fdb55f021b2ba938f4bc1c70ca8827cce798a69a9fad6288cb38d1ee7124b61bdcb24154cdc6f47d6bdf01ffbc8757a8b571fc9ec5d3c1ab1d6456df77c27c814e74d61cbc04b6edc96beaf7abfc9664e76308b19d886c3a628ac250598f04a758b545ac94805417f4f0301d6e7ecd2f5ce81c03a554a08709bd7af4597e7c75f771be7a786a1984a0cca6428c229b628a98aaeef4ce531f906db87c35345491ce864e67c06aa9148e3ae2cdd1bd7f607a3842cf45af2e61487cc457fc271fe98d340cddb90fa3f70ee4176af4ea6f7690b7eef2cbbc78701f43633eef1b54c9f439031cbfe5d1e64d17025e9e6eadf9787ae6e2930d9bfd8f1265e14ee6008d019eddd4fb06ef5a7eab0e76d6913c11bd9e8d155e8a6ea7f0e38e543e9cf63c788a4a62455b5c8013b9d2770b2fbc027294ef03c3f66be0bf0198e87061d07009c48aea039e94f1d77a144c1a3a2eae392dda7ae48eccef64b34f37d83bf7e341255352eeea494490eadeaca6fe5166d6f226c0c1699879d9994dc4e15699433f3ea1a59b407a8c2c77eca857157b7a57949b18c0e8cde2ec46e52fe73b5e60427b4713170bc49e5bf68097a5e7c3d2b313ca2e1a23c568360b922dc0b9d168c2473fe7821bf51fd7218ba0fedbb4c6d70f879b631e2dfd1125388825e1020c08f9e8cbfa157e0dab8771a2a9fdad0a26bad22cc77bcf38eb725ed1c7a100ad063463be0959168484d0ca12a62f5ebe8ecada4a141559ab2627d0c5b2a9a98efa93424d72d8767abedcbeed3cf958c601c395ee9871f1af3f2ab8da527ab3cd5853073e436cead0b8da85ad7f80a6d1f68d5a62931e18269c2ab41557d4eb2b63992ff5a68ec6c1ac802319c0ff08de7ce7c0f2ff5073157d61d850d05c192e181846f386b6e70358da980a4c39fe4fb53cdc67785ceb97f18356646ad497caee2db1571c77d5974ed63d902b7da046c34a2ce49c834626281d47da27aa8e1b88f8c05fae6e3ab958662800ac8de92d51df4be53c23a3ffdd5116e41e7b50ac37968aff057ca2cdc9b768c5abc1448ca4b3e7dc994e350f7a6304a7d7fd8e7c907521939670905e73ce402f8f47027be54803a86d38ba5e014827c739c618ebf29ba79459b70c67903e92c5af22203945e8860d0aeb4896be211bae0990c24cff05df55d46a573ec74288564900742c473f369a4cde6a7ae31dbcd493800ea76fd4615569827897d2aaa18aa694e6a9caf0af8e801436b7a43ad561b5b73c8069c64a064e5bd087ce4fd9e47f8d5e8cc2081b09eaf296a704f1c3096b1caa08134026e0050d4dc31205cf709f9883d0f7c9a895e6e867394a9e0e16cc2261e16c169d1bcfe5c8d61007c9edd87810650daeb882c947e71452a62b0a5646d1286cf284e625b6b0d076cafa6df99af6a841d3ae4be7d35f8e14aee74f010a218707ecc6ffe85dec9006fafba98e9ad041905ba33bb65bd9c76905fc00e961afc5c3253086c4635792808ce926a2ee8cf0fb79360ab386b51e8dc9c6b8a6b22e29332eb3812388f8f41e2fc4c5abb79ae907d231a6d0a4a343b1251450f849ad7a60abfd3ff36263ef4aad306203f23e9d714a1e756bc22e9fbfa37053344f22e03d0c3e2267f68ef4946328115b0e7d3e43ffb4e377400b10b1862a2b5f335ab7e0c9465f76d4c34f818a9e438a11eda0966ea2b9fe1d34eaeec71b27458ac4e66a27bf4e24ada913ba6db7cf16d400ddc92d099c6b42fa4538e8579a49f2a7287d54a13f38b14a40efebb0774355958665485afd43114ea153cc2e65429064e4d6f22bcac3bd6aae65523f12cca150e5d234d063822e8415ae4dd423531db6583a51bb52aaf114322d9205a98ed28f00a40e0b6ca9676235e4977107a2f39ac48686793c8755547ed6f58e7179eb3ed3dc1a0b4ccf5898725822d69bc33a332a5e2865c71760031712f154a397fac593c263546b77aec16537727569281cde313819df782d782abfdd51682075558968c8c31a480daf8c4c16af1131a11e5a7d432354894ecf7fd25239dd732bd35fa2f61664923de04ea66d3d5e32c398b95d74f7c40b3c76b506958f51c1bb2b338ed719b53f635a644e4d90cf6d8752556aa3143358f83cc9c99411cdd728a87e6930985e8c31ce584f31b2f41c94ed5ea9c68b285f0b90d460a7223dcdfec5615bae7e8812b32af7b54c74690b342e83bdfc6f4fa0484b05941d783aad9c6382c407f2d38499910567d8599c5cef5ffbfbf328f531225937d8ffde056ba2989bdb9835d2610fe7e4692dbd44907c9b7246bfa319f3aabce89f6d54cb6536937cc48602641b22f0286d1c0ef13e0446c088b9f2ea18cecf4142f121991757b50ddaab6f2392ffe297b788a40a0ed2a47ebc967c453dd105a4aa7cdb74bce83c07624f74ca252df21230f8678ad6bdd94dc04ef35658f5a1cf99549da0622501352ba7936d30ce6b1574aa05e38610de0c709b153c1c35f14ef8b175a12b7b0491996958f8aa99034c7a50bf3d2c0a83605e3377f7d461f41edadad0f57e2e818df4186944277d3f7bc227c2498358c2accc836dcdacbf5c3db12204437fe0350c4dea060bbae243903d7d751384a0438c0018a8320b36e4d2f55289d0e0b185e560444d26384270fb8aa52e4347fb067d71cdc400951f799549bb6cd01132cc80447a8f069c212ed197ed42771f82ececb61541550f0c372255ff22b77f1094476497c45f9380310525d962283c0bf17a946024ababe754616eac171683fa11775bd7a1c814966a78fccd527637f61c67668bb43be186300924214d0a21d1826c1024a25ece07b606070bc906c97f03326e44860b9ba8f82af3c6122558db9a46d434b65d49ccc23e65a8c3a74349d682d4bcbde2467918d69fb42e3268ff6a265675980a35b5af9b8b183902b817e7df02ebdc75819d32461051798305af8b5183e638ac300624ab8b41f272cad2359fb0621d5f04f6ac0c254e4a4c3c2d1eadbc99773464da8f3403a747a564cd0f2faceb6cad31c917d1a2ade3fc410d5d622cf056d6b3bf162ee2bd24770440b68a7db4ca2f4fe726c3ef0f28f0138305b0f3a9e8c5eea1129efbae9c7ea7df0c8f3b8d8cf581edb70a0504decdcbd5a6cd12c93286ba92cbbd8e2bf1a7921e6c5736fef19473d07f09e55099b8adcb73e0ed68f0d05ed2ae9e2533138b0f68910b25030eba2d9e48f9f728a5e15e7f8cdddedd68190a7d40b0b297d021f7fd5a57dc5079f32f4f706dba401c808f805038d24886e20f388c49ce063e04f0414c2b7449ccf1ffd68549ef29b89b27ba4d138795590c43ecb3a6f015340094e4bbfced992255e222551c5d01e31deecf63ce08085ac8f80743275de48b7757bf8d7de134904c9559f9690ed49dc5d3e65b03471630942a7144daf964f7665404b92ae599bd029510fdc751e701a4573a4c037584c08412927863416423ad90570f06c99cdbf4fcd37307f0857f7c302dc56cd389b3c538f2e842af334826c9d152189bd6c9c7a534281579fafc03da5f9fb1d1c6058db6a2a216f628c7b83b99b729f52ebdffdd95f5049d48ea939ca3b0f5a3e962a23b5ea36dd25a51e1ec4ff9203e038813015edeae5cc9ad541b0974b52e7e198e8999c86c3b0db75477abe7b6c4868468694041b16b1c1160d573ae5d4f16a89af8b6dd8d55b930821a2bedbb580ea1f4b53c16a66c033b8ddc2e2a8f31a3f76c22a560bac520a82767c452388ac6eaa14211dee3db8b17f476c1e5e4f2793ec60145f4858147d656ddbbc55eef248bb2315cb7542c72e7fd15e0563d101e46ee08b9bb89094459cc778cdafc6593e3c47bbe9f9db28cb05fdaaf04cc9f40d13fcf8b0777af382be34a3f5c72584036e58e50c38af092308a3327347f08f1ac7d87bc630ad29e72014390e91d669bf65475dc6591261f18db3b404aabd2def4aca0ef34f1b33ac69272a832eb8330dfe48ff268a972b1281cb6931d0bea708942a6cd1c6cda4e713f728860abb41f128d5e08a3aebdd4c5641fea8cd41fb456e33b17de67e57ea720c8677ed3605ed1d53940afd5b6fa9a8e01a708cb98c027ab71f5ecc83d3d24338b368507e0aa9726bb92121bfbe1a138a7b8fd248011a9fadacf5aadea1a8f0736c3ec5a2ebf6a3e9d878fe4ae3ae3fe112ace4cf34931cf9ee502a86a61737be1d0dd44d6337428105dd6198aed62479bdb5be205bf5cdcccbfe5fc823e03081e682ce500308c6798c8f4164b4dfdffc9a543a48889d46056d32abdeee7f9858eec511a18c6f3428d8483b4f2d442ca3b8f935fa1262008e7ee40a6f549cca8324a471448aed2f07f13f7257632b6f7bf3815067537f518d6783517dcbad7f2ee09acb8e2b3382f77cee29567d6514b9e123a3271baadc92f011f9ad6858d00fed7138102dcb33379311b7cafcf1143c4785d22bdc3000c33ddae823007db87defac747ce21d4280a50a34992eb91403cffecb485fa3821c083ff4d29b23618e48e6fc2aa057a123b1b81c5c9fb7a657ae4203c70d65963f47a15e49ddebcfe29ffe6275a953de60bb48b6faca5ee4faa0b600ee7ce9f96cd71189b3a3214c90cee13e6a9ef619eedaaa2c187993279c9044d1f5f3ff68ead8d4d765d22a4dbba8f0333c8133b06bc0e285630d6e50e65e52962385eb4fbfb490d8df94ba0ba57158bf9f284eb9cc7868bf332a6a9a7573717e65419eea17b878ba75da21600361caa6d47ab1c83689a0325aa0d440a1a2388b5a98e31c0ebdad9b533d9d794db882fa0cd680e23a5959245b9ee60c8414883e660f7895323ad22ceb6766284ecf764e0529ca790ff9b8620345824911bfb06b2b758647bf526bd7d97042a04c89caba0d4988797296331bc22ee16560370638e7601e8b6291a836644711c43ccf9b7819a42ac93a3a450cbde386dbea532ca7fe88240afdcf87dc9acd0d87985301341b97ef45b28e08d137ddb6bbb810a1294f852ea3b6e47588cdb17a0683db65e7bdeca7d94163c71fcb04020b50589dcf77cf9e2d9ebbfb792b7a352c6df43290096ad87c459d262987a5b933c95b2f890b94e60b75bad820e3136aec710841d1716e1818769709dd6f45ba1e0a67ac032f61c0c72569357f10da392d3f76c3da07b9cd0be456f8fcb8976a312236fe7d0c7ee71f511e63c", 0x1000)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000100), &(0x7f0000000140)="74ea764075c3715576c459a04d16a8833fea8c4253dfba795ed1002e456e8217b556f85e123f18315e5d391706094a67827cfb4947ee440f24033e37ad80b33379ec4cb6caadbe4480441fbef94516286a202c5d71", 0x55, 0x2)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080)={0x7}, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x240, 0x0)

3m12.26319773s ago: executing program 3 (id=455):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
mount(&(0x7f0000000040)=@filename='./cgroup\x00', &(0x7f0000000100)='./cgroup\x00', &(0x7f0000000240)='jfs\x00', 0xa00000, 0x0) (async)
fadvise64(r0, 0x3, 0x3, 0x5)
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

3m12.148364295s ago: executing program 3 (id=456):
creat(&(0x7f0000000200)='./file0\x00', 0x2c)
mount$afs(&(0x7f00000000c0)=@cell={0x23, '', 'syz1', '.backup'}, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x800, 0x0)
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6gretap0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r2, 0x107, 0x18, &(0x7f0000000800)={r1, 0x1, 0x6, @random="be189782b5ba"}, 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
statx(r4, &(0x7f0000000280)='./file0\x00', 0x100, 0x800, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000140)={0x48, 0x8, r4, 0x0, 0x0, 0x4fb10, 0x6b, &(0x7f00000000c0)="913d79731d0999ee50e3278a90a6dd2f69c942698d9bd74d1be53019dbf75aee09cc6da71e2da2ea0602ee684321ef7b903075020efea394944bfc9bedf07842c966b39368b54ad21ad81a90f7fa9310240ffc56d09f2c4a8ac2eb8afb5694725a67226246a23d1300570d", 0x1})
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000014b882, 0x0)
fallocate(r6, 0x11, 0x0, 0x4000007c000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, 0x4, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x14)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$int_in(r8, 0x5452, &(0x7f0000000280)=0xffffffffffffffff)
sendto$inet6(r8, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x1, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x80, 0x0, 0x2, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0xf292, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x78, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x31, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfdfffffd, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x7, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x5, 0xb, 0x3, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1002, 0xa2, 0x7, 0x953a, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x149, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x6, 0x226, 0x5, 0x5, 0x28, 0x30b1d693, 0xa1f, 0xf43, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
quotactl_fd$Q_GETQUOTA(r4, 0xffffffff80000700, r5, &(0x7f0000000340))
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {r6}}, './file0\x00'})

2m57.135999136s ago: executing program 32 (id=456):
creat(&(0x7f0000000200)='./file0\x00', 0x2c)
mount$afs(&(0x7f00000000c0)=@cell={0x23, '', 'syz1', '.backup'}, &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0), 0x800, 0x0)
r0 = socket$phonet(0x23, 0x2, 0x1)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'ip6gretap0\x00', <r1=>0x0})
r2 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_add_memb(r2, 0x107, 0x18, &(0x7f0000000800)={r1, 0x1, 0x6, @random="be189782b5ba"}, 0x10)
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x2201, 0x0)
r4 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
statx(r4, &(0x7f0000000280)='./file0\x00', 0x100, 0x800, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, <r5=>0x0})
ioctl$IOMMU_TEST_OP_ACCESS_RW$syz(r3, 0x3ba0, &(0x7f0000000140)={0x48, 0x8, r4, 0x0, 0x0, 0x4fb10, 0x6b, &(0x7f00000000c0)="913d79731d0999ee50e3278a90a6dd2f69c942698d9bd74d1be53019dbf75aee09cc6da71e2da2ea0602ee684321ef7b903075020efea394944bfc9bedf07842c966b39368b54ad21ad81a90f7fa9310240ffc56d09f2c4a8ac2eb8afb5694725a67226246a23d1300570d", 0x1})
r6 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x400000014b882, 0x0)
fallocate(r6, 0x11, 0x0, 0x4000007c000)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r7, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000a80)={0x14, 0x4, 0x1, 0x5, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4000040}, 0x14)
r8 = socket$inet6_sctp(0xa, 0x5, 0x84)
ioctl$int_in(r8, 0x5452, &(0x7f0000000280)=0xffffffffffffffff)
sendto$inet6(r8, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3f, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x7f, 0x20000006, 0x4c, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x4, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x824, 0xd, 0x1, 0x2, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x6, 0x0, 0x5, 0x4, 0xfffffffa, 0x3fc, 0x80, 0x0, 0x2, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0xf292, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x78, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x31, 0xe, 0x312, 0x78, 0xea4, 0x2, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfdfffffd, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x7, 0x1, 0x3, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x6, 0x7ff7, 0x0, 0x5, 0xb, 0x3, 0x5, 0x405, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x3e, 0xd9, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1002, 0xa2, 0x7, 0x953a, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x6, 0xb, 0x5, 0x893a, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x149, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x1, 0x4, 0xc8, 0x1, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0x8af, 0x8, 0x6, 0x226, 0x5, 0x5, 0x28, 0x30b1d693, 0xa1f, 0xf43, 0x6, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
quotactl_fd$Q_GETQUOTA(r4, 0xffffffff80000700, r5, &(0x7f0000000340))
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$AUTOFS_DEV_IOCTL_SETPIPEFD(r4, 0xc0189378, &(0x7f0000000040)={{0x1, 0x1, 0x18, r4, {r6}}, './file0\x00'})

2m42.910331018s ago: executing program 4 (id=609):
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000000)='btrfs\x00', 0x0, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x20200, 0x0)
ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
copy_file_range(r0, 0x0, r1, &(0x7f00000000c0)=0x8000000000000000, 0x3, 0x0)

2m42.749057116s ago: executing program 4 (id=610):
r0 = socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

2m42.611048016s ago: executing program 4 (id=612):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x4)
getsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000000), &(0x7f00000000c0)=0x4) (async)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x400, 0x0)

2m42.511921367s ago: executing program 4 (id=613):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x2}]}, 0x24}}, 0x0)
sendmsg$NL80211_CMD_CONNECT(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={0x44, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @NL80211_ATTR_MAC={0xa, 0x6, @from_mac}, @NL80211_ATTR_AUTH_TYPE={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}]]}, 0x44}, 0x1, 0x0, 0xf00000000000000}, 0x0)
syz_80211_inject_frame(&(0x7f00000002c0)=@device_b, &(0x7f0000000300)=@mgmt_frame=@probe_response={{{}, {}, @device_b, @device_a, @from_mac}, 0x0, @default, 0x1, @val={0x0, 0x6, @default_ap_ssid}, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void, @void, @void, @void, @void, @void}, 0x36)
nanosleep(&(0x7f0000000340)={0x0, 0x2faf080}, &(0x7f0000000380))
syz_80211_inject_frame(&(0x7f00000003c0)=@device_b, &(0x7f0000000400)=@mgmt_frame=@auth={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x1}}, 0x0, 0x2, 0x0, @void}, 0x1e)
nanosleep(&(0x7f0000000440)={0x0, 0x2faf080}, &(0x7f0000000480))
syz_80211_inject_frame(&(0x7f00000004c0)=@device_b, &(0x7f0000000500)=@mgmt_frame=@assoc_resp={{{}, {}, @device_b, @device_a, @from_mac, {0x0, 0x2}}, 0x1, 0x0, @default, @val={0x1, 0x8, [{0x2, 0x1}, {0x4, 0x1}, {0xb, 0x1}, {0x16, 0x1}, {0xc}, {0x12}, {0x18}, {0x24}]}, @void}, 0x28)

2m41.600692325s ago: executing program 4 (id=617):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, 0x0)
sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000700)={0x50, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_CONTROL_PORT_ETHERTYPE={0x6, 0x66, 0x888e}, @NL80211_ATTR_FRAME={0x2a, 0x33, @mgmt_frame=@reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1}, {0x3}, @device_b, @broadcast, @from_mac=@device_b, {0x5, 0x3}}, 0x4000, 0x5, @device_b, {}, @val, @void}}]}, 0x50}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

2m41.515558014s ago: executing program 4 (id=618):
userfaultfd(0x80001) (async)
r0 = userfaultfd(0x80001)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000040)=""/99, 0x63}], 0x1, 0xfffffffc, 0x0)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, 0x4000, 0x1})

2m33.533513578s ago: executing program 2 (id=646):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f0000000f00)={0x7, @output={0x0, 0x1, {0x7, 0x7}, 0x8de, 0x6ed8}})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0x10, 0x1, 0x3, "bc57499e007105bf0000000100000000e40300", 0x4f565559})
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'vcan0\x00', <r4=>0x0})
sendmsg(0xffffffffffffffff, &(0x7f0000001140)={&(0x7f00000010c0)=@can={0x1d, r4}, 0x80, &(0x7f0000001040)=[{&(0x7f00000011c0)="a86fd2c19dd2394d725e62627174a21ba98649121d8c393e6188b2b4a1258c241c9c8755c49d2ef67dcd1882806c519309d4becc86202a00fa04a5b499ebb70da3e7caa54d458ef5be1f40a9ae639a288476d82d7f01aa54e98146372ecfbddf5e1fc42f40e32d229211e210f9e24b01a7491f4d", 0x74}, {&(0x7f00000012c0)="ed789931d15b362ec4644fae1de0be78cde68c383e45c007892aab84b9ae4db6fbb5bf5586bc13c7fd5bf8ddc60c38d84c4c008208138b7f0d31ef41424876d1d129cba6a96a23b750a2123306", 0x4d}], 0x2}, 0x2400c040)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, 0x0, 0x0)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
setsockopt(r2, 0x2, 0x5, &(0x7f0000000240)="d8089b40933c16447a5a0815760c147da363dcbc284bc1ce3233a27866051c27fc1af633384c5215bc6c0e38693ed1b4419cbbb8c444479f66d28af46a900121bf5a539bac8cc7c9d1687dbb9d5850642f4640041962229c9031560da0d8b55c6e42fdb8eed137ced16e15aba3b1bcabbcaf1e8bed9aa61dbe974b57b73dc16e29a4eb4296b8e771a44819610e18ed65d8c1302c5daff53bc36b31b8df65a3c7d2c83976e9e34de190fb4ddc3eef4a3c4dc0d8558854e955a4c1612e9a707b14d51825c2a55d94c4e71a750fe2b988989a25eca56d2f2e63bbfdfde19d2a5a466f63c968a51889a5af3bc4dff1af682917f64b3b6513df28b18e7e214544dfb3635bbe217c574bf2e814e962cc06a5b3d645f076d90edca7de8da7ee82528e86641d591a175470bbed189d926831dc0749c2943b682d3f6b0d92b65dc69928aabbe966052446ce690391ff0dbbe8d726c508e98741b8adc4e177be00c83c6c3f1a52bccca925b73cd31851e9d5a4c05d79ec0b16ebda5fe7babbcfc54a0ba4352b9553be16fe07db6e841056e1724e40a9f365d81a841597104500858396d7a81a7a91ab5339000bbab0fdb55f021b2ba938f4bc1c70ca8827cce798a69a9fad6288cb38d1ee7124b61bdcb24154cdc6f47d6bdf01ffbc8757a8b571fc9ec5d3c1ab1d6456df77c27c814e74d61cbc04b6edc96beaf7abfc9664e76308b19d886c3a628ac250598f04a758b545ac94805417f4f0301d6e7ecd2f5ce81c03a554a08709bd7af4597e7c75f771be7a786a1984a0cca6428c229b628a98aaeef4ce531f906db87c35345491ce864e67c06aa9148e3ae2cdd1bd7f607a3842cf45af2e61487cc457fc271fe98d340cddb90fa3f70ee4176af4ea6f7690b7eef2cbbc78701f43633eef1b54c9f439031cbfe5d1e64d17025e9e6eadf9787ae6e2930d9bfd8f1265e14ee6008d019eddd4fb06ef5a7eab0e76d6913c11bd9e8d155e8a6ea7f0e38e543e9cf63c788a4a62455b5c8013b9d2770b2fbc027294ef03c3f66be0bf0198e87061d07009c48aea039e94f1d77a144c1a3a2eae392dda7ae48eccef64b34f37d83bf7e341255352eeea494490eadeaca6fe5166d6f226c0c1699879d9994dc4e15699433f3ea1a59b407a8c2c77eca857157b7a57949b18c0e8cde2ec46e52fe73b5e60427b4713170bc49e5bf68097a5e7c3d2b313ca2e1a23c568360b922dc0b9d168c2473fe7821bf51fd7218ba0fedbb4c6d70f879b631e2dfd1125388825e1020c08f9e8cbfa157e0dab8771a2a9fdad0a26bad22cc77bcf38eb725ed1c7a100ad063463be0959168484d0ca12a62f5ebe8ecada4a141559ab2627d0c5b2a9a98efa93424d72d8767abedcbeed3cf958c601c395ee9871f1af3f2ab8da527ab3cd5853073e436cead0b8da85ad7f80a6d1f68d5a62931e18269c2ab41557d4eb2b63992ff5a68ec6c1ac802319c0ff08de7ce7c0f2ff5073157d61d850d05c192e181846f386b6e70358da980a4c39fe4fb53cdc67785ceb97f18356646ad497caee2db1571c77d5974ed63d902b7da046c34a2ce49c834626281d47da27aa8e1b88f8c05fae6e3ab958662800ac8de92d51df4be53c23a3ffdd5116e41e7b50ac37968aff057ca2cdc9b768c5abc1448ca4b3e7dc994e350f7a6304a7d7fd8e7c907521939670905e73ce402f8f47027be54803a86d38ba5e014827c739c618ebf29ba79459b70c67903e92c5af22203945e8860d0aeb4896be211bae0990c24cff05df55d46a573ec74288564900742c473f369a4cde6a7ae31dbcd493800ea76fd4615569827897d2aaa18aa694e6a9caf0af8e801436b7a43ad561b5b73c8069c64a064e5bd087ce4fd9e47f8d5e8cc2081b09eaf296a704f1c3096b1caa08134026e0050d4dc31205cf709f9883d0f7c9a895e6e867394a9e0e16cc2261e16c169d1bcfe5c8d61007c9edd87810650daeb882c947e71452a62b0a5646d1286cf284e625b6b0d076cafa6df99af6a841d3ae4be7d35f8e14aee74f010a218707ecc6ffe85dec9006fafba98e9ad041905ba33bb65bd9c76905fc00e961afc5c3253086c4635792808ce926a2ee8cf0fb79360ab386b51e8dc9c6b8a6b22e29332eb3812388f8f41e2fc4c5abb79ae907d231a6d0a4a343b1251450f849ad7a60abfd3ff36263ef4aad306203f23e9d714a1e756bc22e9fbfa37053344f22e03d0c3e2267f68ef4946328115b0e7d3e43ffb4e377400b10b1862a2b5f335ab7e0c9465f76d4c34f818a9e438a11eda0966ea2b9fe1d34eaeec71b27458ac4e66a27bf4e24ada913ba6db7cf16d400ddc92d099c6b42fa4538e8579a49f2a7287d54a13f38b14a40efebb0774355958665485afd43114ea153cc2e65429064e4d6f22bcac3bd6aae65523f12cca150e5d234d063822e8415ae4dd423531db6583a51bb52aaf114322d9205a98ed28f00a40e0b6ca9676235e4977107a2f39ac48686793c8755547ed6f58e7179eb3ed3dc1a0b4ccf5898725822d69bc33a332a5e2865c71760031712f154a397fac593c263546b77aec16537727569281cde313819df782d782abfdd51682075558968c8c31a480daf8c4c16af1131a11e5a7d432354894ecf7fd25239dd732bd35fa2f61664923de04ea66d3d5e32c398b95d74f7c40b3c76b506958f51c1bb2b338ed719b53f635a644e4d90cf6d8752556aa3143358f83cc9c99411cdd728a87e6930985e8c31ce584f31b2f41c94ed5ea9c68b285f0b90d460a7223dcdfec5615bae7e8812b32af7b54c74690b342e83bdfc6f4fa0484b05941d783aad9c6382c407f2d38499910567d8599c5cef5ffbfbf328f531225937d8ffde056ba2989bdb9835d2610fe7e4692dbd44907c9b7246bfa319f3aabce89f6d54cb6536937cc48602641b22f0286d1c0ef13e0446c088b9f2ea18cecf4142f121991757b50ddaab6f2392ffe297b788a40a0ed2a47ebc967c453dd105a4aa7cdb74bce83c07624f74ca252df21230f8678ad6bdd94dc04ef35658f5a1cf99549da0622501352ba7936d30ce6b1574aa05e38610de0c709b153c1c35f14ef8b175a12b7b0491996958f8aa99034c7a50bf3d2c0a83605e3377f7d461f41edadad0f57e2e818df4186944277d3f7bc227c2498358c2accc836dcdacbf5c3db12204437fe0350c4dea060bbae243903d7d751384a0438c0018a8320b36e4d2f55289d0e0b185e560444d26384270fb8aa52e4347fb067d71cdc400951f799549bb6cd01132cc80447a8f069c212ed197ed42771f82ececb61541550f0c372255ff22b77f1094476497c45f9380310525d962283c0bf17a946024ababe754616eac171683fa11775bd7a1c814966a78fccd527637f61c67668bb43be186300924214d0a21d1826c1024a25ece07b606070bc906c97f03326e44860b9ba8f82af3c6122558db9a46d434b65d49ccc23e65a8c3a74349d682d4bcbde2467918d69fb42e3268ff6a265675980a35b5af9b8b183902b817e7df02ebdc75819d32461051798305af8b5183e638ac300624ab8b41f272cad2359fb0621d5f04f6ac0c254e4a4c3c2d1eadbc99773464da8f3403a747a564cd0f2faceb6cad31c917d1a2ade3fc410d5d622cf056d6b3bf162ee2bd24770440b68a7db4ca2f4fe726c3ef0f28f0138305b0f3a9e8c5eea1129efbae9c7ea7df0c8f3b8d8cf581edb70a0504decdcbd5a6cd12c93286ba92cbbd8e2bf1a7921e6c5736fef19473d07f09e55099b8adcb73e0ed68f0d05ed2ae9e2533138b0f68910b25030eba2d9e48f9f728a5e15e7f8cdddedd68190a7d40b0b297d021f7fd5a57dc5079f32f4f706dba401c808f805038d24886e20f388c49ce063e04f0414c2b7449ccf1ffd68549ef29b89b27ba4d138795590c43ecb3a6f015340094e4bbfced992255e222551c5d01e31deecf63ce08085ac8f80743275de48b7757bf8d7de134904c9559f9690ed49dc5d3e65b03471630942a7144daf964f7665404b92ae599bd029510fdc751e701a4573a4c037584c08412927863416423ad90570f06c99cdbf4fcd37307f0857f7c302dc56cd389b3c538f2e842af334826c9d152189bd6c9c7a534281579fafc03da5f9fb1d1c6058db6a2a216f628c7b83b99b729f52ebdffdd95f5049d48ea939ca3b0f5a3e962a23b5ea36dd25a51e1ec4ff9203e038813015edeae5cc9ad541b0974b52e7e198e8999c86c3b0db75477abe7b6c4868468694041b16b1c1160d573ae5d4f16a89af8b6dd8d55b930821a2bedbb580ea1f4b53c16a66c033b8ddc2e2a8f31a3f76c22a560bac520a82767c452388ac6eaa14211dee3db8b17f476c1e5e4f2793ec60145f4858147d656ddbbc55eef248bb2315cb7542c72e7fd15e0563d101e46ee08b9bb89094459cc778cdafc6593e3c47bbe9f9db28cb05fdaaf04cc9f40d13fcf8b0777af382be34a3f5c72584036e58e50c38af092308a3327347f08f1ac7d87bc630ad29e72014390e91d669bf65475dc6591261f18db3b404aabd2def4aca0ef34f1b33ac69272a832eb8330dfe48ff268a972b1281cb6931d0bea708942a6cd1c6cda4e713f728860abb41f128d5e08a3aebdd4c5641fea8cd41fb456e33b17de67e57ea720c8677ed3605ed1d53940afd5b6fa9a8e01a708cb98c027ab71f5ecc83d3d24338b368507e0aa9726bb92121bfbe1a138a7b8fd248011a9fadacf5aadea1a8f0736c3ec5a2ebf6a3e9d878fe4ae3ae3fe112ace4cf34931cf9ee502a86a61737be1d0dd44d6337428105dd6198aed62479bdb5be205bf5cdcccbfe5fc823e03081e682ce500308c6798c8f4164b4dfdffc9a543a48889d46056d32abdeee7f9858eec511a18c6f3428d8483b4f2d442ca3b8f935fa1262008e7ee40a6f549cca8324a471448aed2f07f13f7257632b6f7bf3815067537f518d6783517dcbad7f2ee09acb8e2b3382f77cee29567d6514b9e123a3271baadc92f011f9ad6858d00fed7138102dcb33379311b7cafcf1143c4785d22bdc3000c33ddae823007db87defac747ce21d4280a50a34992eb91403cffecb485fa3821c083ff4d29b23618e48e6fc2aa057a123b1b81c5c9fb7a657ae4203c70d65963f47a15e49ddebcfe29ffe6275a953de60bb48b6faca5ee4faa0b600ee7ce9f96cd71189b3a3214c90cee13e6a9ef619eedaaa2c187993279c9044d1f5f3ff68ead8d4d765d22a4dbba8f0333c8133b06bc0e285630d6e50e65e52962385eb4fbfb490d8df94ba0ba57158bf9f284eb9cc7868bf332a6a9a7573717e65419eea17b878ba75da21600361caa6d47ab1c83689a0325aa0d440a1a2388b5a98e31c0ebdad9b533d9d794db882fa0cd680e23a5959245b9ee60c8414883e660f7895323ad22ceb6766284ecf764e0529ca790ff9b8620345824911bfb06b2b758647bf526bd7d97042a04c89caba0d4988797296331bc22ee16560370638e7601e8b6291a836644711c43ccf9b7819a42ac93a3a450cbde386dbea532ca7fe88240afdcf87dc9acd0d87985301341b97ef45b28e08d137ddb6bbb810a1294f852ea3b6e47588cdb17a0683db65e7bdeca7d94163c71fcb04020b50589dcf77cf9e2d9ebbfb792b7a352c6df43290096ad87c459d262987a5b933c95b2f890b94e60b75bad820e3136aec710841d1716e1818769709dd6f45ba1e0a67ac032f61c0c72569357f10da392d3f76c3da07b9cd0be456f8fcb8976a312236fe7d0c7ee71f511e63c", 0x1000)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000100), &(0x7f0000000140)="74ea764075c3715576c459a04d16a8833fea8c4253dfba795ed1002e456e8217b556f85e123f18315e5d391706094a67827cfb4947ee440f24033e37ad80b33379ec4cb6caadbe4480441fbef94516286a202c5d71", 0x55, 0x2)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080)={0x7}, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x240, 0x0)

2m32.596403946s ago: executing program 2 (id=647):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{0x0, 0x0, &(0x7f0000004ec0)=[{&(0x7f0000003e00)="10", 0x1}], 0x1}}, {{&(0x7f0000004f00)=@un=@abs={0x0, 0x0, 0x4e24}, 0x80, 0x0}}], 0x2, 0x20000854)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$ppp(r0, &(0x7f0000000580)='L', 0x1)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef8, 0x2], [0x0, 0x1], [0x6, 0xffffdfff, 0x0, 0x0, 0x0, 0x0, 0xb, 0xfffffffd]], '\x00', [{0xfffffffc, 0xf8}, {}, {0xffffffff}, {0x0, 0x4, 0x0, 0x1}, {0x3, 0xffffffff}, {0x2000001}, {}, {0x0, 0x4}, {}, {0x2}, {}, {0xfffffff8}], '\x00', 0x1, 0x0, 0x0, 0xf8})
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
msgrcv(0x0, &(0x7f00000004c0)={0x0, ""/4}, 0x2000, 0xffffff7f00000000, 0x3000)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010100}, {0x2, 0x4a23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0xce25, @multicast2}, 0x204, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000006902"])

2m31.609402027s ago: executing program 2 (id=649):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000001, 0x12, r0, 0x45809000) (async)
r1 = syz_init_net_socket$ax25(0x3, 0x3, 0x1) (async)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r3, 0x4068aea3, &(0x7f000009df00)={0x79, 0x0, 0x1}) (async)
r4 = socket$inet(0x2, 0x2, 0x0)
setsockopt$sock_int(r4, 0x1, 0xf, &(0x7f0000000040)=0x8, 0x4) (async)
connect$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @local}, 0x10) (async)
setsockopt$ax25_int(r1, 0x101, 0x2, &(0x7f0000000040)=0x371, 0x4)

2m31.565260773s ago: executing program 2 (id=651):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)

2m28.469540426s ago: executing program 2 (id=661):
creat(&(0x7f0000001380)='./file0\x00', 0x4) (async)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000000)=0x5, 0x4) (async)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x80800, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r2, 0x4048aec9, &(0x7f0000000080)={[{0x4, 0x0, 0x0, 0x40, 0x0, 0xb, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x80}, {0x0, 0x4, 0x0, 0x0, 0x3, 0xfe, 0xfd, 0x0, 0x0, 0x0, 0x40}, {0x200002, 0x8, 0xa, 0x3, 0x8, 0x6, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd}], 0x2000003}) (async)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0)
r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000480)={0x1, 0x0, [{0x40000002, 0x0, 0xfffffffffffffff8}]}) (async, rerun: 32)
mount(&(0x7f0000000080)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000040)='ext3\x00', 0x400, 0x0) (rerun: 32)

2m27.736566713s ago: executing program 2 (id=664):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x1b)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x600000000000000, 0x0, 0x0, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40400, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x28, 0x2, 0x6, 0x401, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x880}, 0x80)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
eventfd2(0x9, 0x80001)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
fallocate(r9, 0x11, 0x7c, 0x7c000)

2m25.634500701s ago: executing program 33 (id=618):
userfaultfd(0x80001) (async)
r0 = userfaultfd(0x80001)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000040)=""/99, 0x63}], 0x1, 0xfffffffc, 0x0)
ioctl$NBD_PRINT_DEBUG(r1, 0xab06)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffa000/0x1000)=nil, 0x4000, 0x1})

2m12.047822108s ago: executing program 34 (id=664):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x46, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000080), 0x1c)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x1b)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x600000000000000, 0x0, 0x0, 0x2)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'bridge_slave_0\x00', 0x401})
r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x40400, 0x0)
r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0x28, 0x2, 0x6, 0x401, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x880}, 0x80)
ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0)
eventfd2(0x9, 0x80001)
r9 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000044082, 0x0)
fallocate(r9, 0x11, 0x7c, 0x7c000)

2m5.861141349s ago: executing program 6 (id=712):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x34, 0x70, 0x9d, 0x40, 0x55f, 0xc230, 0xb6ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xf2, 0xa7, 0xcc}}]}}]}}, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @empty}], 0x1c)
r2 = socket(0x10, 0x3, 0x0)
write(r2, &(0x7f0000000340)="240000001a005f20f109dfc64d2609e00214f9df0700dd000000000000fe000258dbef0f", 0x24)
sendto$inet6(r1, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)
setsockopt$inet_sctp6_SCTP_AUTH_DEACTIVATE_KEY(r1, 0x84, 0x23, &(0x7f0000000100)={0x0, 0x8}, 0x8)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000001800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r4 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r4, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast})
write$tun(r3, &(0x7f00000017c0)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x0, 0x14}, @ipv4=@udp={{0x6, 0x4, 0x3, 0x1b, 0x65, 0x66, 0x0, 0x40, 0x11, 0x0, @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1a}, {[@timestamp={0x44, 0x4, 0x1c, 0x0, 0x6}]}}, {0x4e20, 0x4e22, 0x4d, 0x0, @wg=@data={0x4, 0x2, 0x8, "07771ac366586e56f446dcd22ec94c672f1cd650b4e9142373a300245d0bea516a2fbeddd0cb5cffbac1852e0cfe302d0000000000"}}}}, 0x73)
syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000640)={0x44, &(0x7f0000000180)={0x20, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000400)={0x1c, &(0x7f0000000100)=ANY=[], 0x0, 0x0})
syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)={0x40, 0x21, 0x1, 0x2d}})

2m3.644429273s ago: executing program 0 (id=740):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)

2m2.431962819s ago: executing program 6 (id=743):
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
r0 = socket$can_raw(0x1d, 0x3, 0x1)
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000480), 0x0, 0x0)
read(r1, &(0x7f0000002340)=""/4096, 0x1002)
r2 = socket$rds(0x15, 0x5, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id='])
read$FUSE(r3, &(0x7f0000002100)={0x2020, 0x0, 0x0, <r4=>0x0}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f0000004380)="4e5350994ebf71ce3049a58c5d050078bf16b0757a4c27b455e2a547739587dd3380b5df8f40a0696c5bd6cdb672cffe4d870c5c90ca92095b9ebf3e92fe31d8cd74275d857d34a74f7eecc7fac15e2f148d4e9d47bb45b858bbf078999970d180f28d7b2cefd92635d45a563d9229c9fd770efdc0848e52fa5efd9ada5c94a1ba94b4b7c7507f8b0819bb20910f9f50a83a010abbe126dd9f6a7b84eab6b0d5ce78d2ade77a5f7e4e997df1d03ffab4b4c945d803e4457909013127a98769c938c237f37263bc509a42bc56ff2dbf80e847e2c407009eef94f18e1e59069d62298fdbadae007ffbdf403c5049a4530ac0abecceb5608da02754c9a575af52c0b7e41226e2d642a814861c4310c935bcbae413516dde2132652b39c7aa0218a6ce65dabb4494965209ce879ba7e7e59039db5c1d36d6a7f86d72dd59954fd6f46124a2506b245a0db11aa89d2feb312a6596ea2fecaa7b6021f37a255f628da7ff6b6c36b514d3b6be34e505f9dac6acfb888198004699fb350ac93431533554658c4957df36703591438d6488bc03dd8290a75ebb367a481a50e79a46b04d005649cabd79e5c6326c066bc2b6fc5febb87ef66d832ef31a16c2a450a0b990fb549a5d810c928d1a81fa1dc795db2607ac7d46cb5716b68acdeb00987e429fe6a394632c83b43336e7b51d9cfdb50e83d8c6ba1784d9f74c16b476e048e65e7ac0af683b347d7377ac1795422e00e5bd8da9b313a983abb3348861116de7a99959169b7dff9f7d9b7a6d107f2e76670a6214a419bf8298f80eb570fa29264ba57a383c5ec5836ce33104ecaf1aec76e311280a1d2c8bd7abff3a5a5d78aca9c680d72b60da4dbeb0e1e6c3ddc82898647c589a81b8f92db06711d8a0af05560cd77fa7005283db71e8da21713fccd450822062b994d152aaed2cdcf0dec9c60617e15ba4df628da4e71279bf9d1eee5c7f055c27cddfdd45f9225d5d5529ef7119e2e3c9838e7362971e069be487797e949b24297de19c61340d1cd7a2bfa3880b91a71e934720a59e1e0ea992d2a1633a0852ad8addfcab73a291e35745e694a6471f429b124305886c1f79f67c78de3f3ec998c91e7fc59d26766cd446f6f0de603f2c6892e13cdaa37d9e8e118d098b6986ccd991993ec152193e7d77394b05b99e7d310c506707f1be52249438fba9615f6dad2ec7244fedf36e34ec311b7d6bee64271d6491079e161190ded7e28e2ada4307a9b2986c267b1a30d2f720ff23408011f1d589ce9ee77f981c7833656cbd7df5b3a87ec253ff7c7ef1e67ceeb10c93e3fa683cdadad65850ffbc402b7744e94cdecef9db9d264c755c53d36278df23d4c9685fdefa69f7588a33b8a64b35191ee81abcb9765577d175cb06e31c582807ff7243bfef44961fbc0f8a235242f51ee991ea621803d4dcfed90d26f004b299425bf219f6d185fe6e088ae44601b03defada18794feac93787696a5d419f09f769bc590f43d2df6a131f6895da2de120c2644685e57b1d476c6aba5881e954fb2575356452b118b942cb02b4ea0fcf8f1bbb9a23b6e32c9d0accd3dd861452a3ad77b38fe709e216974932deb5397fd8033ff0e073d93ac0b4be762bca0424d69bd57b22ba914133f87671a29498b268c2911e793215463ca2164e38059456107dcb29beedfd6277e2b41a11d1c6f1361b19875c9384f04f9c53c1801000000000000005f7aef750ec0cf2bfcfa971c017ad071b69a18fdaf970b384d4c889cfa5a0397dbe89543a5c6302645d6edf959aa60709ce0225fe6c3266c7ef62157ac8e78fddcd8a1f2ca5b58128218d19276885515775326aeeee0226cc810843eb05144bf8e2fe3340cf60b32cafd96d2eda30000000000009a2a3d88307c362633b1c5637608ea8476d900b3f836a9734b5ecaf5e82983577128d3f74b903b0e3bf64326c1b564ae42aeeb0c07702b63a9ff74a2af6b45e5185a53f36c17bc29dfbc0ea28ca5cca43a15d751e9887ad3e6a87faacb6a278c4c8a8d21b9a77b9776f33102a6e645e99cc5cbc543ed0674282c2b9f8e5d14c2599aa9ac8f81438c77f2b9368bdac82edcdc5366f39adec9e9a3fbd55b79abc16d2ebff26b7d0c88f18b486e5836333575e3fc7808cb423b44781c57965767862922b4ff32d9bae76296843a46f430211c27ef9db168430026a5691623284dfd459dbdd1f1a6ec9bfad666507e6eacb1e2a7866da2e12e6d596d0bbb150500590013d9288af20596447f97bf1744eb9cfb244d8fca269b1fb71e14de664be4e95d83fff1b8abcfebcf3e78c1c66d28f260fb0c19f9fbcd2abbdd7dd7246e49dc25d954bf25f810a2ff6f9069dfdc62e7170fe3b0964b2ac95024256dfa3e7a426be5bb5f707fd82c2b3afec5d5dcf5bbb8fcb6dbc1b59f6c5330966c70d8b016956903a4278817414ba3652a102d7e7e37ecc79400267fc3bf7601c0731f87d479c33f100735e748874155267f708cea49d549e93cf7a398b20373dc90ad9afd56d9c77cd24e2c4a18f7130b366c7fe5b27ec4d11ca1ed1b98fa0b4d7396f82ae6593f4575d19f4d8fd586c991129e5cbe15c8bacc89c3ee15ca471dea966b5c48ede0d3ba2a7e28c75c04e6a4aa49a61f4e391ffe78eb5e40a5ef349f3aa4d15f2291cc86ec7e47ae301bf0b6083dae44b695820a893d46732553ef15ed1c16d28268d52a7e3a7e7c009d0c0708a356d3310c1ebcbcca4d7acf433e34bfc9fc115498142dcc725e7a16879c75e4c2f01c6c98b39619f3248bf530e6ee593467e38cf4026cfdc4db6296565722d587f3c580750b1453ecc141c0461495551297d88ae034acbd4f5e80ce198e6640c4c1e9501529988109cef006eb2090a6fcd974d7f60290b78f1a8ce3051ac2d69636c3219f0a6ad8c254764396a1684b2fd9805b1853525f2e640e513197283cc4d4073ac033e0539a88f08aabe1423cd40b8a7e073437d812b57a5d39a0531dcbe13f4466e89efc66c2a1e4b39a3e0b3073c9d44e6cf9b85f4df5c4e03628d05bc0f94ec04234c9eca4ed17463f190406834b02888728f625371cda75d15ec19efebd59f00ab659eb94eb88bcb2110862a369ad599610c1530fcc118f5b82205bc5215fe3623ac8ec297d8ff4eee75ace20731c5d505e6605c26203b7f754164c9463f0a6eefe3a2880b8e06e7bc66bb2adcc1a3f9b0325f5ec31d12a25f1f73c2aa6bb3a7680d786a082a63b13cce1822fa6a4b085a871ae3409eecbc1fd8661b5d52bb2b8b72f23e24a225075f272ed2ba0c6c5c693811a0ef8db6da7cfe7c966c647f0187ad223eedb1012a5b7af103e98464ac768c79b21ca45b12a52cf261de0d367442cda71c4b8ee39c94ded1b22ba06c13836cb467ebab4efea07bdf1e3de8da56a0ee6d4f848011253cc21fac10700003513d3167b7a73e0d752b861c49814bc5410ebe53a0264f76068c91ee6ec9e2daa343482b2f0f06e605c5aaf81f2a3cd570efc2094b4bc452f9526f1bbe7b22b694fb8109a5a987fabf6250912d6099e67da9cac79e8b6f2cce4702d1f17cbc5d06c38b8a48155ec758369c185ded839fb58cd736fbb74105fe5baf44e7e3ed06843f23601b60a43b1f88fd29e9b3f58479f9b95392a39d5ba1a31ee4441ca2d1fb57c0a8678a07a724b7a65b2ab16d1da197f435bce3ef003fce27fa2f0a67c9dd6c930a4bcf59e79e57b010000006fe34972958c28b56642d14ea89bf4d7d6f7fcbcf413a9bd08fc9fe424de4359112b11f81fbdc1505658363697713ff6e1f8ca3c4be34a79993a9091f6017cda6c7489ae5c07062555231427c3eb42a049f42d22a060983b044a7d34ab5d2b5386cca79af72396a48aad6b8dcd7855410fc6106e4a165994f26efff1e7ea0aa8f560333b5dfdb2a0d899b0fda955155f90c75effd3c9535d88508e836feb7807d57b2a57cca42d3d08fe7de60d2a33376f49bdacdd3f814bd0927f417f15ad62a10b302f1cb390aaf82b0bc6af46bbf990b6ada45ef83ce13029d167c65134e7b82b59ddfdc367e61c40defd2732ccebb1d4000f6c742df964e1fb390c255d2b1dfc745c6ab34af8096b5b67aa179e3f341854f7a69f7bf47664c832037ec7a78f8e27209e3f20f833fb6e8c0fc4a40920a5ad2b0618982ff72540009d5db82f0f5bcaed2a27f35d1e50eaa0cf8e48c7a2d43c25d0264db750a7f33b44a4bfaae576cf9ee7594ed204513899566564ed8bbc97ed18b1d8868f926a5c70ac06fbac1eade46792186be7bf8ffa3301239edd093449b7d77192782b5111c14169d2b4a1b3443ad62e4abdf11aac6a5b89a5b20ab0ad0abd949b9d64582c67ffce018e7e46de4091fcc77a65b971fc67c8d9cbf0c341ca764b1056ee5014d9865059616a525a1d46ae2fad159afe86dd1df9b8246411827e19535ca0aa9f83050b06e70aa2737f27e93d584a9cef878a642e9361efaa5d20bd8da901fa2e064656f686d3b3ea31d1d850ae9104000000000000000a32a717e09b6b7e75d43fbbda76e43a24f186d5578933f408bfa28e0435cde525fb91e71d92d704cc5a9b5e3db7aaec46d2b1f8dcb3f921f69bd7397c961656cea4365c779abf76199cb5b6aada022edec5c901cdafa2e7f3765af9c8b20cb1a6785085fcb0dc901367b89051bdfdc6b68c5215fd04e2b3c7e1c454a4d21132953b25c50995af0f7159a5a8d0a1621f4808f126a5bd40ddc79fed90f49925ee367a57a05c070fbe39fe2c213e7c1724a907ecfa69efe6e021c06a262471a4377f3c9809e9fee4f375e27c31b6afbb2151da86b7cab63c7b4fa4b77fb30172b9d0d78b1c0535ec0639c4910b5eeecbb5b8b5c8aa74c140e7ad347812e36db3097a7ff85c09ab2c0020202307f50efefc06497b9c060ca68c4be54a9165b4cebc6b2e2e14e5ffb9213142418faedcdf26fd326b7672399e71cfffe3ed712ced5317c254f9199ee10c24c802d102bd8749513d3145201ca4e01bc7c8bbcf430afa541ec5665f86dfb143be648521bb0f2b029018201444787f644f8c88b79e754e6ea9c797babdaec72a9680abadf3a41684cdd57c2b6e833acc0846be5aa927f1b1b36562d2acb9ecfb758455230d050daec6748ba280a5edc86d48e3f8af0f8f4ffb18ae3cd3c19a82d504a4fd52bb62289ae8026572a497fe268f87ef4b4b5886aa07eeb698b7cbf99683f710afc9ed1f8a488883ce0eb8f7fd055b82a9fe21a409caa231c41ba151008e9658919c611e157d7f3926a5e4248532a6860e615b9c86e9fea212128d96ed58c9b84ef22706071eb69f492e4d8321ed9faf6c6a8928f86172bdc930244583ea15be497d9ce4ae79cb3e6293a8512ffaa9e8e358f3c7c7117001fb92891a40b84f9126cc3def5cde67f463bbac9668b9f56c3e4ee72fceebb47e52fc226bab213d8193516e7064459fd1365350a95c5a1c3ac44a73bbba2a4c17ebe4bfd781bff1995cd706b77bb533117594ad63566f4c0730beab85ff4c713b7f10b95480fe99a0f676c51ca11116b21e87887b462aa9770e85509e4e60f198148115f0a3ce6028516a946178d1acacf7767f6be7277891369eff67762aa58f928d48b7231e44d899cea8289003349117a53d61bc27b207fdc91c9db61e677d1e1a1bc6a1b6e8564130b335233db4b5de8d62324e6d0ccb2b08c2ff922324eb8c506711142d4b8d7a21223ef0a3d534fdb0de58be95cd827152f71bdd0a82766b62b4c87536f0b7e7df343c4263187da887de6e65d11d0360e2376c1d71c367ae85edeed8f767d24c644b1a9b455ded1dc3cc224f99936a6ee66931c45e5e3db2427719ab2d5cd9c20d9bb0ec004b69bccb00649f3d8e34a3572c257de114b9f027d76bc7db9007175cc03b9e2061b6b3fe7409e009b5371544e56fe438cbd361e5b11efbf2d79d1c250a1e73ca8c601c4f4d1e3761290950421c48c7daa45965e472f5ef3c4b8597444dc5dc01cd25358055b5000617f3e7291da3413e3f0853b1271366612405c35ff1b785b984d921b518425628a533a29ab65d3c11f44c6daa86f8b6457ebb9419274c481aa6f3fa4547641670aff58b9cc62c0993d49a509f02dee755ee5f1fd2710c995c43a91c4f873afa1bbdff19427cba2641052a8f361ecbc72e8a6cf587e83f8bd3110c95fb080edc77a6d43cd58c447b0e02261e4109500c6458dce70acb17aa8f9dc1d15b94a61354164031b5d563c25d0246fc45e6401cefceb501e1468903e5d677759dbe3f24bd48ce55ff8b8f26529fb3b2d669202a1e8a498984b449b4830a0126b18f0e78182c9ce78fe0c448c0e27845b926cfde28fa85e156fa98fefaeb19ed1247c9643b447b4342c94c114d3c4c35eed4d5b49aa70e6aad45bfb557f15e8fdb2d6e3d10d8338a13fe3f187751985b37a5bb10b750f79e36fc2e2ee9bdecc3ed156e202ed7b45a94809d77edaa398042fc6a825a4848c334c557303d24eb3f8e01be06995ceb283c70272b00da61c3381628f0e372fe2fcc779ff7daf7e4b7f2686c39d3fab674b8867b62b0bf9d5cfd0c1d3b270521f55f147de75142ffd7fc9ac7e5dae7ca2fdf26a9222d060823852409dd040cfd1f66f218c6dbdaaacddab34b123af22f97384d64fac64d84fd638c96378c8f9532a11927d48440bc777ff8b8b9be88f930f3b579a713c0bc449dca3a3bd5f2efa98240ccc594299e44451dc60c6c5c9edd0d7b777912b3dc40c57e0ea5f4425cd7047e686c7304f04ba9f7b5de6ad2bd524f1d29f8802a524441fa286015adf4589431710aa4d76de8a956dc1d39c0a13abb7fc309d24222d036e204ab6bb46ef8a7595d9e4512e0b9d5f8fd719a4e3072e1d806967045789c67a1681f2a9f1f4b19f4f5e1afdafc17db7a6d5196161499e62ab4b0ec27648f3eeb1fb2b78f8ecf9b05cf9509a3b9e2a361238deb1c91bdbc8b1d11bbeb939fd9da811cd439069da0ecc00665d72357aac01f259a0325409b201859cc0569e0eba67a7a9ca7e8b78078d9370bd3e37f0571680ede60cb6bbfe69435d6ab5efd80cf051d119a7004fc0b600844d49218d844de8f521524a47ee50229c7da25e42a8639b5db225e7f23967f5d4f8a297aff04a3cbedc2985b6393a5ba0b26b6c7b4ca22d369b35b410799d1ad02825104d34f73408db1948438597931ed1c1c260e78340517bfa2f734537dbdf5ec303518ff4640efe7f7b1c2f46babdb9247ce8eabad9718a8b9ddb7a18d5e87ced554c9d6de78f85d293349590c6c32483534bc968b24a28eb54b9515589d6dd8eb51a5ad0b4d896ce92250397cbc404323fcdf0ee47ed634e0c58213bc5b35a72b21a098e11b79c061430dc817c1e0c79a5b6ed3b002979933f1b83a17f250b1bd6a4958df4d75531ca03efbda89f6a92fe08c23ad9014ff562a7f3dcde578d6825b9847b5df04dbca4f2aa52d8e0f4cf8183ce121e39b50358a9796acde0372a8ff97769874a80ab997cd889145aad4888c06963c2f5b82f53a748a6729fbc79d35c06d84e05c62e44ff78040e56ebfc6efcf0d8b49337d5a17c4041f0d5a8b616244d585a162b69db073accd9071d12df5b326a43b834bbffc2f2a60deafcbddf1c6438a1769d6fb09fbe1990e89da12164ef237f326edb5be64bb64b143a030de8a99b3c5e543c871cb581e2be090a92134aa587701f864907cadd7c1ce20fcf8f5dc7f7ecd06a6c19d89a92ca0ad4393c208b80bba990c7a3702a9c79bddde75d5db244719ac32191b6ceb041ab541fb47680a97dc0422b8a50d91e32cb08cd341b0b099aca5bd12b69d4f89d10b755b351a6489180b786a3bebac926532a4a2d85b07bce6c090d1aaaff079e36d5394a612f1351b90c13a0fa6bf9d188d548dfe6fa51a9026edb52009c03ed45ac51d05c58a957bcc67e05a588985ba00d79f33ae9cdd5f5721d9fdc72ee6e880708be87e8a60c3c035c146f2091d1b9a4c2cfa56f292fe1ba62290d4e56c05669291bbe917f3cac51802a2cc8e9c90dadfe666c233c5a5bb71ee17deec51ce60c73f57bf9ecb84873afcc44815131810c6c1217bea485ef9aa2785e859b25315ef8aa3a274982786e45d622ae831fb76010d69a181b069e4cc55d4436edb10d1119b0c6000c6d5cff7c72f740a59dc0507e7a952b69403c62673f122c9d1264fac6ce2262e86cd8d6a402672f88530fc2d16f31736dd497a4e853253ac8d5aff8d1376895e9f5519b2490cc2a2412ba0c99cec855f668837310035e92fb646486de1b0acffb91ae7516df3eeef381456b55e65baa58e71461c928687e699d2b21814805591382e95e1b970aaa53259917f070281f2336b7d570249d838b3f1a32753c336864e15f4561badf8fee034a29c52ff3fca7456ae140f8304b3fd5b57c9aef3f20c664200d235f236ec47dd2fc20b14dc6000812237aea992d987e5460679e8c5b76d931ef6d951e6c7087e3106b6ce2db9de6f228fdf3ffc38710c0e8d5000a195a79d1fa2301038f5b27c40b09c34c025e5099d40c2204ea0eae985263c9101cab88d6857a320c9e497f22348a24861a5fb8d734e08cad09f9933748ff01eab22f17756f58688dc1b486a397563ee9ad0784b8833cdb5f7c6bcf76d9c1105f71c3c6aabefd70dc6cd5c66d31caf916145ac5ed7fa070b4277c0448ab1eb78c943be9aeab0587d321a4bcb7754f070881178f8be668b686124899fac252519f4b60ec42db766a908755040463125c26850177402a977246d36d23afac0a11889d54640bd8f6f670d686cfd33f6fc5d90cf6cbd63d9d0fd201dd4c74dbbab899f3c23c0b7e37ea0b2aff421327200d0da58b5893a4186ae3652cc6e11c2c2a0e52184a3872532090000004cebf4f31333663a620f0dba0ffd89c3124380075bd28caa6d449a050b3661b8fbaf4747b77c4928b1378fdc8c7a7b38ade1aeec44bdfacc8271d0b132b2029b0f3582f9919f5c8cd543abc9caf6b82b197cd482c3ef61a64743506342bf50a3c1ff544563bb8b2002911ee1fad698f4ac133ffed5bfe81239c918207a03c7a8bd71a0a502aea78d38e970e3ab2abf754b598acb79af276792aa08724d0ba24f2a694912ab795b3f45f52dec50d9bfbc99ae27e1d2c2216afec6709d6513a64b29ef58255b00003a1e15487752eec8fd019f1d4a7aa25277664754bd2d7cd3a7a018b92c56d965a1974885363757286da9e055ef7fac17876f0a64c1026a597733b897a9155ecbf420159ae8e5209aa83a3544fff1fb4566f2d54f95e3bbd30dcca5f24397e4bd47ff01292f0d6fe9dd47a810e0c25382fa69b4987d1afd9b69ef125110ad6b240eaa9c85829a2646f9ab7874bc02bfa8346cc9190943e9d46b44880670b1e2aa3a29e83be5472d7418885a353faade6e8b18f4b588607bbb758588d1e2f11a9dfa1c4d61be50249f1ee32e6ff8c0c7722aaec1bc79654a4772efc578bd6a14c79abcc77a4e09c8b6c6ea35cd3ab31e35268fb55db843176f8042f8ce7be0ddd4ead6dbdad0ef9e7cb2323db5cc48119a72b27306b8ff6366c0bc682a85ab9e2cf2238b6d6eb2e38a97d5577e6334cb2aa6e7c86e489e876f9d7053577a5cb57f52812fab7c4bd7b19a34c228ffb67dcac9281612f778b58c580c140542200fd00cb3ad81d93420df93c5af2493f646d8de797102fa0a65247317882fbf171520f00b2c7638623b823ff11444fdde453570f99f9099b60061a908b83383ba8b82bb78edd074dccf9342afdf8d11a6129ba6ea7030f3629056264f1736c2b926171b6dc7e1fa455a473de656390495f3b6ad2f9f46f35eacb075628ff739ef78f28ba683448068c7f18fb63f28ba7dbbb78999100dde0a94e8b8570817c7114c13e139ceb333782b29a84a5b19497fa785915c7680dd7f972cb59ba22161f60886e5cb3c3e808726cbf96bc4da78914eee565c6d9d18e70d22cf8c0244cf3cf488c3550eaa400bc0f26d64e0f1bc8d0301a841d954073a641f3ef883d81f4d5db8e9df708e64e640b38df7295f7fe573863653086bae5507c880ab7fdb7a6c5ce77027ffa7395233d3ce536d77ae6c2e9c8ffb6fee78a3bcb3b5f888bd595caa3a5586948776b950a89cde4db8247ffff27491c882b430afdd60e7a22324f6635a9aa7139f3e624c6d9ece60f7f8153b2080cf0544fbf8e1c436503766e670b902604ab521e11aa5a65cedd64cfaf898ac5f55c08c87693c323517bcb0d99c28f5e072d4f6540c7ead70138d47c1a67fd72bd6ef5613af33a0af311c3d0a631ca2a2dfbe35d1021eb610e40b9be128683235a788b5a4cacf99babee382458d59e8aa1dd7bba7e09dd30c055a3df8ed721a1778b2c6ed587a403566325cd19962edd7831caa44a6b716517bad502130e7cf6a5ce5288dc84c0170f622ae0b1e1166a9c2c0771d91df9f9dd82ae210469602ce38964746c1c1d04321aae7d464eb801dbea7ec39505457e778208774d72673626c998b002c46a9b4b1e390d9344f0ca62212a1b6d41043a2100b35196bce42d40caa0ea9a486bf8526fd1f0f0d362c2cac463ea7377a20b54b9435442ca529fc00da4fd7e27c4eaf14215a06857b54254c26346956fd7fe215a5ce57ec38cedf50a3c759e563a4fd87494f00e7bd9b44f3b7e99c6ef67187056a21d2fe1ac9d24125b1947eb293189fdc448b591af4d9b8eb091d6bbb5e50fae79d000044e282bb2ab6c63cc9562b151c214e45015354e62be63e1881238b907f7bdb791ff44a4e03fa29dbd26db2f49d0f4729b7cd9ba69a65b0b493466d35d09b3f590c67c31660d95e2ab4af2c9f1df91f912c5a57dde2d75206b42e3423126774d76593c2f713ae279d7092506b513fd5d18f0f52d3fafd7141dfd4a0de1063754dba865faf8dc0f6be9d90ef21ec86a275533f6ad4b4e360dc775413f29eab8b3daac6279b9abfe163ea2f183e09ed91ef67fbb090875109288a182cfdcc46d90678efe5edceda6518335e678438cac4bb47d376f3f0e12aa55301735d7f42653c073d6a4a37b2e17d332dc1be6b50918c007b14886307cc39250e81efecd63d24067a49994572725a9df1760caac13a28f5255556b27ec245e93969b85cdec7cd1c2d2a433d3f9572b93054a7ce8adff81bc1d30884d5fc4791e251bd907e37af5bec74235c3e2f804e4e0450b715289942b7859ad207bafcfec1b586dc15e7911fe6d20aa3d02fcd47e9956780e300d7c53c17dfa15754deb4c20efebc7270bda0fa6b37fc88c6be4250cac38c1b8186b364482026ab52d65d3a691903fccc39772277011bfaa421adba76bed9731077bec885ce88d40f36bbd2a839c67dc4b862c968491b877d4fd13fc90f8da57a29121e12f78e85af765cd66e72ba513593fe1cdf20019985b065d828707d8e509c6834eab188deea5c9ee97955f4b07d37b6fc7beed73be94887d423a349f35bb8782bc670ceaec870d97f061bda02ae73f6d575f81e0b6326eae6c1b3085cc584686120e12dd9ad8ce44036bec8a189f900", 0x2000, &(0x7f0000000340)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)={0x90, 0x0, 0x4000000000004, {0x0, 0x200000000, 0x7, 0x4, 0x6, 0x4, {0x800000, 0x10001, 0x0, 0xd, 0x0, 0x100, 0x10000, 0x2, 0x0, 0x0, 0xfffffffc, r4, 0x0, 0x2007}}}, 0x0, 0x0, 0x0, 0x0, 0x0})
newfstatat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, <r5=>0x0}, 0x0)
ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r1, 0xc018937b, &(0x7f0000000240)={{0x1, 0x1, 0x18, r2, {r4, r5}}, './file1\x00'})
r6 = openat(r0, &(0x7f0000000080)='./file1\x00', 0x34f580, 0x7e)
write$binfmt_elf64(r6, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c460d04000c028000000000000003003e00ecffffff940200000000000040000000000000004d0200000000000000000000000038"], 0x51)
close(r6)
socket$kcm(0x10, 0x2, 0x0)
r7 = creat(&(0x7f0000000080)='./file0\x00', 0xc7)
close(r7)
r8 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_UMEM_REG(r8, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000), 0x101000, 0x800, 0x3, 0x1}, 0x20)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040), 0x0)
r9 = socket$l2tp(0x2, 0x2, 0x73)
bind$l2tp(r9, &(0x7f00000000c0), 0x10)
sendto$l2tp(r9, &(0x7f0000000040)="e5786a0d000000000000c83b", 0xc, 0x0, &(0x7f0000000100)={0x2, 0x0, @loopback}, 0x10)
recvfrom$l2tp(r9, 0x0, 0x0, 0x2, 0x0, 0x0)
execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x0)
setsockopt(r0, 0x2000000, 0x80000000, 0x0, 0x0)
syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
mbind(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x4, 0x0, 0x0, 0x2)

2m2.408863177s ago: executing program 0 (id=744):
r0 = socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x122}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

2m2.140391365s ago: executing program 0 (id=746):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="16010000415fbc108d0ea70031b501020301090224000140"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)

2m1.831803921s ago: executing program 6 (id=749):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0) (async)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xe8, 0x0, 0x0)
r3 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000100)={0x2ffc, 0x4000006, 0xfffffefc, 0x6}, 0x10)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="18000000160001f47efde4be701161000a"], 0x1c}}, 0x804)
r4 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x50009405, 0x0) (async)
ioctl$BTRFS_IOC_GET_SUPPORTED_FEATURES(r4, 0x50009405, 0x0)
creat(&(0x7f0000000140)='./file0\x00', 0x71) (async)
creat(&(0x7f0000000140)='./file0\x00', 0x71)
mount(&(0x7f0000000040)=@rnullb, &(0x7f0000001440)='./file0\x00', &(0x7f0000000000)='zonefs\x00', 0x22e48e7, 0x0)

2m1.646257038s ago: executing program 6 (id=751):
r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/power/resume', 0x149a82, 0x185)
ioctl$TCXONC(r0, 0x540a, 0x3)
r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/resume', 0x8080, 0x40)
quotactl_fd$Q_QUOTAON(r1, 0xffffffff80000201, 0x0, 0x0)
ioctl$TCSETSF2(r0, 0x402c542d, &(0x7f0000000040)={0x10000084, 0x3, 0x5, 0x0, 0x40, "bee3bd00", 0x7, 0x6})
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0)
mkdir(&(0x7f0000000140)='./bus\x00', 0x0)
setxattr$system_posix_acl(&(0x7f0000000000)='./bus\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000680)={{}, {}, [], {}, [], {0x10, 0x1}}, 0x24, 0x3)
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
recvfrom(r3, &(0x7f0000000180)=""/36, 0x24, 0x10122, &(0x7f00000001c0)=@un=@file={0x0, './bus\x00'}, 0x80)
getxattr(&(0x7f0000000040)='./bus\x00', &(0x7f00000000c0)=@known='system.posix_acl_access\x00', 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000000)=0x15)
ioctl$TCSETS(r2, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x400000, 0x14, "3eccd8000000000000000010000000040100"})
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000000c0)=0xf9)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000280)=0xb3)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000240)=0x6)

2m0.719567653s ago: executing program 6 (id=760):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000780)=ANY=[@ANYBLOB="1201000000000040ef176760000000000001090224000100000006090400000203000100092101000801220b000905810300"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="000a0b0000000b0101"], 0x0, 0x0, 0x0, 0x0}, 0x0)

1m59.600722795s ago: executing program 0 (id=764):
r0 = socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x122}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, 0x0, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

1m58.79545145s ago: executing program 6 (id=767):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000c000780050015002c0000000500010006000000050005000a00000005000400000000000900020073797a300000000012000300686173683a6e65742c706f7274"], 0x58}}, 0x800)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1m58.61464982s ago: executing program 0 (id=769):
r0 = creat(&(0x7f0000001380)='./file0\x00', 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
shutdown(r1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000200)={<r2=>0x0, 0x10, &(0x7f00000001c0)=[@in={0x2, 0x4e23, @rand_addr=0x64010100}]}, &(0x7f0000000140)=0x10)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000040)={r2}, 0x8)
getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r1, 0x84, 0x10, &(0x7f0000000380)=@assoc_value={r2, 0x58}, &(0x7f00000003c0)=0x8)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ntfs3\x00', 0x8000, 0x0)

1m58.332873984s ago: executing program 0 (id=771):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x60000000000bfff, 0x0, 0x0, 0x2)

1m46.419862609s ago: executing program 1 (id=802):
r0 = socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x3, 0x0, @mcast1}}}, 0x88)
setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000600)=ANY=[@ANYBLOB="01000000000000000a0000000000ff00ff010000000000000000000000000001000001000000000000000000e0ff00000000000000bd0000000000000000001300e4ec010000000040000000000000000000000000000000000000013da51fd47aa2e2f70000000000000000000000000000000000000000000000000000000000000067ff0000000000000005"], 0x310)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

1m46.248912275s ago: executing program 1 (id=803):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000780)=ANY=[@ANYBLOB="1201000000000040ef176760000000000001090224000100000006090400000203000100092101000801220b000905810300"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000140)=ANY=[@ANYBLOB="000a0b0000000b010100200000"], 0x0, 0x0, 0x0, 0x0}, 0x0)

1m44.516772903s ago: executing program 1 (id=805):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="16010000415fbc108d0ea70031b50102030109022400014000000009040d0002ff000000090504021000"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)

1m43.128954039s ago: executing program 35 (id=771):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r3 = dup(r2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r3, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0xe)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x60000000000bfff, 0x0, 0x0, 0x2)

1m43.043252737s ago: executing program 36 (id=767):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0) (async)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="58000000020601080000000000000000000000000c000780050015002c0000000500010006000000050005000a00000005000400000000000900020073797a300000000012000300686173683a6e65742c706f7274"], 0x58}}, 0x800)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a) (async)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x16d102, 0x0)
r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000400)={0xf0f002, 0x5})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) (async)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x20000000ec071, 0xffffffffffffffff, 0x1000000000000000)

1m42.011852288s ago: executing program 1 (id=810):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="16010000415fbc108d0ea70031b50102030109022400014000000009040d0002ff00000009050402100000fa000905080240ffffffeb"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @loopback, 0x9}, 0x1c)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, 0x0, 0x0)
socket$caif_stream(0x25, 0x1, 0x4)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
read$proc_mixer(0xffffffffffffffff, &(0x7f00000000c0)=""/171, 0xab)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB='?\x00\x00\x00\x00\x00'], 0xa)

1m39.505504371s ago: executing program 1 (id=815):
r0 = socket$kcm(0x29, 0x2, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x122}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sendmsg$inet(r4, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r3, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000140), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, 0x0, 0x128}, 0x0)
recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r7=>0xffffffffffffffff, <r8=>0xffffffffffffffff})
sendmsg$inet(r8, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg(r7, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001dc0)=""/4096, 0x1000}, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x89e2, 0x0)

1m38.544794978s ago: executing program 1 (id=816):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r0, 0x4807b000)
r1 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000000)=0x6, 0x4)
modify_ldt$read(0x0, 0x0, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40046f41, &(0x7f0000000440)=0x1f)

1m23.460912097s ago: executing program 37 (id=816):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r0, 0x4807b000)
r1 = socket$kcm(0x29, 0x2, 0x0)
setsockopt$kcm_KCM_RECV_DISABLE(r1, 0x119, 0x1, &(0x7f0000000000)=0x6, 0x4)
modify_ldt$read(0x0, 0x0, 0x0)
r2 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
ioctl$FS_IOC_SETFLAGS(r2, 0x40046f41, &(0x7f0000000440)=0x1f)

8.436932427s ago: executing program 7 (id=1147):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDGKBDIACR(r0, 0x4b4a, &(0x7f0000000000)=""/87) (fail_nth: 7)

7.180721725s ago: executing program 7 (id=1151):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x18d)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000240)={0x0, <r1=>0x0}, &(0x7f0000000280)=0x5)
setreuid(0x0, r1)
r2 = socket$inet6(0xa, 0x5, 0x0)
r3 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r3, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r4=>0x0}, &(0x7f0000000300)=0x8)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f0000000040)={r4, 0xe4}, 0xc)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r2, 0xf501, 0x0)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x29058, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}], [{@uid_lt={'uid<', r1}}]})
chdir(&(0x7f00000003c0)='./bus\x00')
r5 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
r6 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r6, r6, r6}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={'sha224\x00'}})
r7 = fanotify_init(0x200, 0x0)
fanotify_mark(r7, 0x1, 0x4800003e, r5, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)

6.704678703s ago: executing program 7 (id=1154):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="16010000415fbc108d0ea70031b50102030109022400014000000009040d0002ff00000009050402100000fa000905080240ffffffeb"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @loopback, 0x9}, 0x1c)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
socket$caif_stream(0x25, 0x1, 0x4)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
read$proc_mixer(0xffffffffffffffff, &(0x7f00000000c0)=""/171, 0xab)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB='?\x00\x00\x00\x00'], 0xa)

5.055737138s ago: executing program 8 (id=1159):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
openat$sysfs(0xffffffffffffff9c, &(0x7f0000001940)='/sys/power/sync_on_suspend', 0x10000, 0x41)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000000)={0x10201, 0x1, 0x3000, 0x1000, &(0x7f00001b8000/0x1000)=nil})
r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r4=>0x0})
r5 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r6 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r6, 0x3b81, &(0x7f0000000140)={0xc, 0x0, <r7=>0x0})
ioctl$IOMMU_IOAS_ALLOC(r5, 0x3b81, &(0x7f0000000240)={0xc})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r5, 0x3ba0, &(0x7f0000000400)={0x48, 0x5, r7, 0x0, 0xffffffffffffffff, 0x1})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000140)={0x28, 0x1233a29f6c82338b, r7, 0x0, &(0x7f00004f8000/0x2000)=nil, 0x2000, 0x4})
ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r4, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_MAP(r3, 0x3b85, &(0x7f0000000080)={0x28, 0x6, r4, 0x0, &(0x7f0000000200)='W', 0x1, 0x7a})
r8 = accept$unix(0xffffffffffffffff, &(0x7f0000000080), &(0x7f00000001c0)=0x6e)
ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(r0, 0x8008f513, &(0x7f0000001900))
r9 = openat$cgroup_int(0xffffffffffffffff, &(0x7f00000007c0)='net_cls.classid\x00', 0x2, 0x0)
ptrace$getregset(0x4204, r1, 0x201, &(0x7f00000018c0)={&(0x7f00000008c0)=""/4096, 0x1000})
sendmsg$unix(r8, &(0x7f0000000880)={&(0x7f0000000200)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000700)=[{&(0x7f0000000280)="ab0b35b6a73b3fe46383401afe73b148976500bf00e5130e97b5978db688ef4e5d1cffda3bd2552b89dd8616dfe83ad2dca4bf5815def25f009117bb9bea00849dfb7b38df624d4287dde32fa77a1397cc542f6e2518f3f6cf3553b25ca1cd4b4cd63653418c42108e8f7d16d4a772c3661ce047c24b428166d7037ff67b7dbc1d23b8661c92b1456a46e460c1f962d124d873b31b28ab33050ecab5e1cb23594ef0e7114f33d2882133b918f8e948f3fbf1b34cbec1fdff12f07126000a01b3f40d9d1e9e6a74cc13081a16a7e8dcfb669f", 0xd2}, {&(0x7f0000000380)="c5c5f9d377bb9f684cd355441f7052d7ad6576e7312100afd647c79952ab59b572b02863df2056e2d2c2229366fb34c2da2a41846541c9fe136693455fd4cc7164d338582650fcb99a4ebc45c68dc76aecb661ee4719c4b645f2f345ec999ac8c9cc20087e27e2c937ee74bc3146b42b46f9014dc9f38a05a4fc3d77d76f1d2b95d9ba8647bb920a5598bf72d1b2d473e250305340044983b4876ed060d1778578983f861268dd90d8614bbc681d978bba", 0xb1}, {&(0x7f0000000440)="93203ff56d9e763d8e60a2", 0xb}, {&(0x7f0000000480)="7136d37d2edc6e2e670c29896ed5c8e6d7114cfa5e8b0617cf532a4ab55979219a5a80b18d63dde6ce94", 0x2a}, {&(0x7f00000004c0)="975e818176e6a6c4c23f904e8f3f4a82ba21618d706d8da73cef957b5d08cd21660af96401e201f227", 0x29}, {&(0x7f0000000500)="4ec70e01f3216141bb580d5d83d3790ad72a02c741787ea0975c185c5ec23490dadfb21f12c1c9cbdfa0af", 0x2b}, {&(0x7f0000000540)="5984b5ed70bdc1bf65ed83a964d035153648ae6cdc150e073c6f624ad5adba88e9d4da33e6c4254dae759f795417b9646a1333e089886c9953db76c4b19c4a1576a749ac8e17596a793d3ec762ba05bc9d30257391b3b987f1e7e6ebcdbad17303e48bd03b0d", 0x66}, {&(0x7f00000005c0)="211d0d2847c6cbaa3ef07bc032757d1a47dc224ebc29f6f23b71b8c73f051a1fb14e190324a9ef05fabb3c97ae86c9beb50c65fe56ff585263a68a7d8c429c89af2ad8968535d5a04deb74827a74d9e0e85879669c3f3ffcae7147a666156b67cbd454ce4ea19fc0ba53d0bce84a123dff73cc97e3be4ac6521b36d85e35c5aa827574700647cbc775fb8b76c0893e779191098318675f75289d77fe5189878edcd3fab6", 0xa4}, {&(0x7f0000000680)="62bf23967f228287b838653f", 0xc}, {&(0x7f00000006c0)="096a7a681ebeb4c3737e23a0834b8483014f8226858c9b36d5761154", 0x1c}], 0xa, &(0x7f0000000800)=[@rights={{0x18, 0x1, 0x1, [r9, r2]}}, @rights={{0x2c, 0x1, 0x1, [r2, r2, r2, r2, r2, r2, r0]}}], 0x48, 0x20000000}, 0x8000)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)

4.248784208s ago: executing program 8 (id=1160):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{0x0, 0x0, &(0x7f0000004ec0)=[{&(0x7f0000003e00)}, {&(0x7f0000003ec0)="0701989fb918162f00418f2ded69d8770cd53a18d5be7677332f5cee68953900277119a8c7ddee90a0a3ec88565788c6bebb371f963ce2ab1548dd34a4675985c297f75e9b3c25efcd2d513e6589c9b0f93ff96001e8b23500ab03cb54f8dc125aad73dcbccced2617af89d4efff579f40752bec39705f515ed1f4e544e71b546cfe82a29d48b5bb33f4d399b51dbc5d9ecf14d783fa148f85518748589c00fb20c3816fffb12f89273ee6dd7d8afa756182031d9564e48f82569355d46f36c6bc085659d78e04161ef23189c3b36c7a70fa622f1094d2c48f7580c2b91435583ca4b1d365d85690e12e12c328540c4b3cca5eb83d9cc715e759b190ac9cd25a932090c9b3b0eb02ee90f3730b4ff064caadea1d1901199f91ba870693d31bb825c984e668ff5d446189472ada557bc3a6d3856d825d3a354254b07e2051eac4ec145da95ff2bbb6aa61d82a9b5521270767727bf6f6f0fde50bb52808bd0298abd86b322d93a09a7a1adf968fd3a110454594c3574b053901b06c747743a6b82e879af55dbaa6d5913c5d64e2c7028be9fcfd4ae560fdf39573af17049d9f54f8d95343b0e7383c31ac5c536ae295b70256e57087b70f7805bcffb9dc1292adc04897c3116a423af54c303e519d3ceff46e916641a0c0d5ab3247f1521051a1feefba4076789f4caeea803142f323544c0cfc8a15649d258fac86bb191881999b56c3facc88d5e291ffe089fcf03334735f8c58164c2a9d11211eefd5df282c425d5426f50eaf9fa1d04627f335ae8a91236636df2727f3ac33986c583065056c02f0f607331f04e52584a450fc617a9776dbfda297fe3676e5459a87eb2f29289f072c930d26f13f7439a392e0340e6de5f140f1a30bd4cad609482cc8d4c8825fed5ca146dba5dcee38c2cc000a647365a630324066bb1d6f7001cc3c4dc522e05b98860b4fca21e6b215a1ce4e9894f239552b621d38e73577b14c46f4f0657633a13d75de27288f90eeb934b2d223eb35d13370bca00ce93174266cf2a8ed76112faff75bf3ca7fcbfd0e0f6eef7013c73d3a8a07249d3533d8ce42ee4417cd7cfc3b45edc564768a0446138ee21c9f74595eb01757382554b5f832b7ef3cc9b963e61b63488f42abe2a241599927a58d65bbc7d33f152293003b298dea2f43f6cc0f35b70921bef7c0c0647ca2cfcaba2e93cf48075d96b630412356f49b273f8ead8e9aedc66a5851ea7750fad712bc202dadacb8abc67bcd76ad985ad8f2cc59404ee86d5d1101e39da78c7a9c07cc70b9db7c1ef98d6c5913b6c4f779d00f0523eef6101cf6990c56ed63542d955c518f770834d5d60fbad3a366f971ff2567e9ccfd9753c7cb0784ed573a36f9398aec42aedfd7940408325fece059bde1928bd9464edd694e143c28f7dba5eac1f78faceaf0677a97d09bad6367c8c456772572c738d1fa889dba63faf19bfc3e03b44bbef381642f6617d8c14f2bb36285c3a0eb0da36964a6533421ab5ecd30fa04a6f10f7ad733fdf3f3e35889e1e503dd5a13812a9554d5f35f7ddaf72ccd0b30ad5b47b6a87911d941fe18f893c587b669b2da063e20b3207457ca54278056dbd72bac0fe5592e3012a492582b39b12fdd4c4e88f2ed6e0224382a7d3f29ab80674194a1f67e5a1403acf87d8dfed4a3d9e062437e31bd5575315c6d55cdb19d22246df5629020f886168bf334c1ef5eb56848a90e79a19b07b2d4df6240160bf4a1c76d5c0ff7cf58b5d9992456dad1c8e88bcd1057d0083cc4604600ee13d3f19563bd4d6a1a5089ee1abc00834802de770bd7198f389ee946f859021a82da42abaf6d49abd4e4af545f67ce9e7b799272e7831252e89ac9abe43b608496f58041f8f7d5de8a1245dd0f226ffde0f15f9abb8e46d4420c61e2536b501f1f8ee57fb1b75d6e2218e2a494a7732809511e72c0bd40acbf2468241ab76cec2337cec0eb005bf319e6d86494940d8a66713e1fbbefbac8fb7089accc37e591f579031c62711bf22997900f676d730b38e13871635298b73ebe91a57cc338bb92a4ece03df9faae72e1ac69cc83ace37b3f380fead74eb37a984880ee9eb055ef9c0b6d130e24dbef4e33628ac6abbc8165f362fed96f40ad9e5bd352e166950fb64de6e1183a6a6b86cc343d3155061201c902b15a565ac108b3dd1baf185212bf0b134ce1e6d462db05e3b7f87e69034fd7d9fe76385030c23bea8b59a0598bbe27724a7c871a854887a905a21cf310703bce1e6246e91bb30a2083fae4668c8ddc50013625176fef70c9aa18c1c74492551d51ab3ffa298612d33f91e577dc541011f324eca7c398e6b74fce1af1b0c423db64546402464d0883c362c5088e0d624d9a9322b8bbee54e135ae1de96e508c8446f8c5f1e688156a06933b7f3be63d7f270ccca99080bca99d1088bf72fb56c7e77c19adcfe73876bdf30303bf536be41fd0317de38d3ddbd81ad86185cce95af605fc93de14875edfc9ef573de8a78803f457c955b04b5450dfdf3a39e896af2a5f4af8bfe0b828a192ff07a3342637f814eb7752481f3fd14f7108b1c82753bc5b5b876f6a8dd9c21a389575f8f09f475a86302089771584afaf7b2b53a6b23f5bd35722c10ce7f0059130c602059f8c6ccc613aa5a125dd837e2c696b04e7281ac55db559356822ad3244a2863d058b9b5714dfd9da713b0e2f61f06ec7f7940577d5418d43caf2b052b1e730061bd33933ef148c2b17a6325fa5f9eea71edce16765c51dd0a74d85cd3c7853cf3e3ca466e709c82ca9127abc44d05958fd3c68b88ccef8a4d7610afcacf740bc41c742703294a74ccd0acb7d6a74fd7326d3d9982cee6d3a0913beabcddb88e94ccb11f8252b6e23eecb52d42838755a0bdb9cab9688e656c818899b72de26c8d4a9240ebcd96c4984ac4e767a47dc43110e46c7650f9bc80dde81a560a5bc353b62e1364bd6a3cc179f6ed7b9fa695aef78b79b34ce7c5ccaf6ea45be31783988cb7ac53edeeff64918460ba3329004b7f9e2c78e69ee83bcd4f6d690eb747e51c90eee2839ba3ced61a117369479603b7cc4eb87d61ac366cbdb68ba2018e011731c20fc1dc936496d0fa3632123ff257d19234ea21facae128a99eb33d53fa85402f8d75435e67bc00f4d12cecd7121ea7c9f906d1b9c6c3bf7f19898e06b4c22290f7c24b4b0f4a57cfbad711a1c20962c44b6809c2b0f2fcfd30c78d74b0db9f692541b424f70b730a8191d680d30449102deae40d92a8206d10f0e75f58117a7453c164590f3d8a1480d6d35edb050c2d2dea412e20777b05235cdb2c163e140c4abf34c77a128b6e32a2c8f172b405f75155f5d01ace08fc514a2a2f15ee4d081f0e419d0ada9d6257ea7c72863e81573851f961897dc174dafd758c7fccbe55a1ad6882d540c45fe875813c83bac24955e93c694ff0899378c2e8419a79603f40c104e3048157a56930ec7cb206c467342be29b0274efe40696527c28b924a7a5df443448a3290b6025737bd67c31a60ae308a9e0929f253ef990bd3fcbc41907e6a488dd77b6b59e2075fd8005199fe5109687ea3a4f82de2de7736ef59ca1b5942abb4d1428f75cdfb1ff527ef215b5771ecea9cf6856d206ceda649d4aa780ca6dbeaeba43e4ba269677332e9d0331435bb1cf2fed54d3f4e2977b4f3c0f56685f0dfedd3f51bc63340d9943c796db2192e568b60d383beb216dbe23d3885a183834cccfeb4b8fd8afdadcdfa906609d73be1e936454804a4709bd288f7d24cf1681ac4e65391948b1b69d643924b69b59f960cd6b1a6a3448e4e2a1de36f6c015fdd336ddf5332f58974915e3137c2886d1926325b39880c4750969b32855232b473c96d5aa172f969debc6e59d9e44b77ff19800821a277d5888775b24299696d78ffab4029e869f9474fc0a8c967992dae58b3e42679fae8714b1d72951c1a40b1ecb3475b4f06dd9cb3097d19bd79ef5ac65cdb7ba8a33ac84929e8f8b08d5868aaab43973ceede0e90c5733be627424826e396d7e383d5b3955bf84c57c8e6afc26ef982be5a6a490de038777502b1ff0fbda601939e7e4e928bcfcd88f5699e0ebb08eca126bf461f73401733e25cadced3d0c4c773807ec47440cc7d4f682fba8a7f52b5399120ec945bd5765ed470927538895f464c7e4b16073e3eb62d41bec2badcd2335bba8f8993f8cfc9020bbec333f3f6d4e7e85862e0221cdc591bc2fc57d9e04f35ab38ac0eb7a4e84a4c50e0ba0978cbc066aaa1c873af6d79cb0c5f7e8f7ab53f1135ab0b10d65ffd6c8099e2cc586c82a1dd52b5b4dab6c976c4d30a773441c609de9290b45345ca67ffeaf3b1c176c9692ffe84db0d01be7a8c5713ded2e061a18c648a96293b2b61919dff333048c1dacbd256f1a52fb51ac3913c79df435bd6052f5a4a56c0478954ba9bdc6136905aa3d7fc92ba21b683429e3374fdb393a63db4e7263f75df0594932929598ecd081acaec4cbd0fcc47520d1e732e2ee7b26894a85402386b5a2d8fd8bfa0dfb04613ac8ac15b673ec2448790ffbc9f1fe1bbc483ba576c0db8a19246798ee80e3ef7c80e347c5216cf0a737c317ef381b4e2e8c8e9fa57be425208455c7e51eb0734307e5aa80d030f32a3724e95943597a93ded32294f0386a2be0522d40804692f181b7812363d31da5fed14c2e2e014ff0f89783c47cfefa81f0d92847c915ca41017e2e607b993d45a8b66ab2b5586d888d768268401d8fa9578b555a869e8173fa723ff96b32b0dd1c6e79d2a8f109b739bbd8ad3de0ecda7b7b674c7b4a7f377c476649671333c9b16ebe23ed3446421f1b90baa7c7ddf1d19dc17377cddd026ad98b397dd8ab1d82b6517379c5dce8e05d3740057f22ae8e502f704e17d0e61e1001ce9e82ec8261297190b29be274b24ffc40c674d7fea89239d3beeb26d8a920bafc00a1b74aa7ee7a04e2f2db237df4216d9ffe4a3db3843a5fe72452922b54638628678cdd15afa951071d79c8f06f5b97c7e95846b2cd295e11280adb17b2be95790c2485c9ad8552fc293f3c210ea411442fbf40d53e3e9aaca3976df32a554966392ec00f9ede1ba28ca09b3c7bccb315409748f6304316c91ff28a1fc87d5a0500d377924f36b94b99e9423507d83fd0334c4ef9e1f5420cb6d63502775735449a2e2d71febf73ad19239842b18bc2ffe711d304cd762aca80242e8fcfebaca2409d4f2fbebbc78d909415abcd6d4dff96e27b10b5cadd812682f2480ab02291a1a846762c44553dbe6ac68ab37c064723ce8640373cda966cd9623ddde217b90a9ebb25e86d731e12c6755b1d2818fc69faf9dd3d8766d564af89e839c51e32052f2c24e66718cb0dbdad176b77fa4bcb308a591fbda455685842651615df73ec21d146be972b5c3ce45306bd398f60f31548fd528c1646dba5b02f78d3d58e44c6e703fd1d76a5fac213fc92cfd12d8b59a315c783fcdc25cfa880e70c9cf4086ade7ddf89866033b3d15d425d6d826f2cb3d9cf9fc6ffee9b6af9c62b3c02edd93b20461013535cb7decc864bd4343f2c2ef69a468889775a35167122076c2d2cba996f702b732818b1a502382bca21f9e4da850932560f148e87dbc6d870a0640ee98a9863de9aedbcbe10b7ee038e7c23b1ed68cfaface5d70df10ce3197afd8ff4fe6b2a1eecaee87dde9889df96fc7058f76be530fb15214ed64695e197877db03eb1012cb24d8fd71f89da8d64b3bd8c4466b5209bf3dbcd193a067d2", 0xffd}], 0x2}}, {{&(0x7f0000004f00)=@un=@abs={0x0, 0x0, 0x4e24}, 0x80, 0x0}}], 0x2, 0x20000854)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$ppp(r0, &(0x7f0000000580)='L', 0x1)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef8, 0x2], [0x0, 0x1], [0x6, 0xffffdfff, 0x0, 0x0, 0x0, 0x0, 0xb, 0xfffffffd]], '\x00', [{0xfffffffc, 0xf8}, {}, {0xffffffff}, {0x0, 0x4, 0x0, 0x1}, {0x3, 0xffffffff}, {0x2000001}, {}, {0x0, 0x4}, {}, {0x2}, {}, {0xfffffff8}], '\x00', 0x1, 0x0, 0x0, 0xf8})
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
msgrcv(0x0, &(0x7f00000004c0)={0x0, ""/4}, 0x2000, 0xffffff7f00000000, 0x3000)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010100}, {0x2, 0x4a23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0xce25, @multicast2}, 0x204, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000006902"])

3.740431949s ago: executing program 5 (id=1161):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = dup(r0)
sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="580000000206030000000000fffff000000000000900020073797a32000000000500040000000000050005000200000012000300686173683a6e65742c706f727400000005000100070000000c000780080006"], 0x58}}, 0x0)
mount(&(0x7f0000000000)=@rnullb, &(0x7f0000000040)='./cgroup\x00', &(0x7f0000000080)='msdos\x00', 0x200000, 0x0)

3.597000393s ago: executing program 7 (id=1162):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000e00), 0xffffffffffffffff)
sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000010c0)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000a00)=ANY=[@ANYBLOB="2c010000", @ANYRES16=r1, @ANYBLOB="01000000000000000000170000000c00060001000000010000000c01308014000400976f1044852bca665354bd217b6b9037200001800c0005000400000200000200080001000300000005000200030000000500020008000000240003"], 0x12c}, 0x1, 0x0, 0x0, 0x24004821}, 0x0)

3.419583996s ago: executing program 5 (id=1164):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=ANY=[@ANYBLOB="240000001e00050300000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\t\x00'], 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0)

3.288803153s ago: executing program 8 (id=1165):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1000003, 0x31, 0xffffffffffffffff, 0xfffff000)
r0 = open_tree(0xffffffffffffffff, &(0x7f0000000180)='./file0\x00', 0x8000)
getsockopt$TIPC_CONN_TIMEOUT(r0, 0x10f, 0x82, &(0x7f00000001c0), &(0x7f0000000280)=0x4)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r1, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000100)={0x4, &(0x7f00000000c0)=[{0x0, 0x5, 0x40}, {0x8, 0x8, 0x6, 0x1}, {0xdb5, 0xcd, 0x0, 0x2}, {0x271c, 0x2, 0x9, 0x9}]})
connect$inet6(r1, &(0x7f0000000080), 0x1c)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$netlbl_unlabel(&(0x7f0000000040), r2)
sendmsg$NLBL_UNLABEL_C_STATICADDDEF(r2, &(0x7f00000002c0)={0x0, 0x900, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="410000000000000001000603000014000300060afc04090300f006e8ffff0000000108000700263a0909140002"], 0x44}, 0x1, 0x1000000}, 0x0)
setsockopt$inet6_tcp_TCP_ULP(r1, 0x6, 0x1f, &(0x7f00000002c0), 0x4)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000140)=@ccm_128={{0x304}, "68c4502393926b50", "09f700", "1ab6c0e5"}, 0x28)
setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000680)=@ccm_128={{0x304}, "0600", "c7e0263773934a6ccd3b843739b73a9f", '\x00', "5460b4c38a406346"}, 0x28)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
r4 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10)
sendmsg$netlink(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000240)=ANY=[@ANYBLOB="380000002d000100000000000000000004000080240011802fe5afbf24fbcccc554cd9761e79b8dad8a2018544a3f855448c77987d9d7a52"], 0x38}], 0x1}, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)

3.267838859s ago: executing program 5 (id=1166):
setsockopt$RDS_CONG_MONITOR(0xffffffffffffffff, 0x114, 0x6, &(0x7f0000000000), 0x4)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_open_procfs(0x0, &(0x7f0000000040)='projid_map\x00')
preadv(r2, &(0x7f00000007c0)=[{&(0x7f0000000400)=""/144, 0x90}], 0x1, 0x800, 0xfffffc00)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x0, 0x1, 0x0, 0xffffffffffffff80, 0xffffffffffffffff})
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) (async)
write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0)
preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async)
r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) (async)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0)
ioctl$KVM_RUN(r4, 0xae80, 0x0)
socket$nl_generic(0x10, 0x3, 0x10) (async)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
socket$inet6_sctp(0xa, 0x5, 0x84) (async)
r7 = socket$inet6_sctp(0xa, 0x5, 0x84)
r8 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0xc, &(0x7f00000001c0)=@assoc_value, &(0x7f0000000040)=0x8) (async)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r8, 0x84, 0xc, &(0x7f00000001c0)=@assoc_value={<r9=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r7, 0x84, 0x76, &(0x7f00000002c0)={r9, 0x4}, 0x8)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000180)={r9, 0x0, 0x7}, 0x8) (async)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r6, 0x84, 0x7c, &(0x7f0000000180)={r9, 0x0, 0x7}, 0x8)
rt_sigqueueinfo(0x0, 0x4, &(0x7f0000000080)={0x34, 0x1, 0x100})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) (async)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'wlan1\x00', <r10=>0x0})
sendmsg$NL80211_CMD_DISCONNECT(r5, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x38, 0x0, 0x100, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r10}, @val={0xc, 0x99, {0x7, 0x1b}}}}, [@NL80211_ATTR_REASON_CODE={0x6}, @NL80211_ATTR_REASON_CODE={0x6, 0x36, 0xb1}]}, 0x38}, 0x1, 0x0, 0x0, 0x48850}, 0x485d)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0) (async)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000001140), 0xa00, 0x0)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) (async)
openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000080), 0x3, 0x4800)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x4000000008002, 0x0)

2.836457942s ago: executing program 8 (id=1167):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r1 = syz_open_dev$tty20(0xc, 0x4, 0x1)
socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000080)={'wlan0\x00', <r4=>0x0})
sendmsg$NL80211_CMD_SET_PMKSA(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000440)={0x1c, r2, 0x2140dcfffd4d4d7f, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}}, 0x1c}}, 0x50)
syz_open_dev$midi(&(0x7f0000000100), 0xd, 0x8000)
ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f00000000c0)=0x13)
ioctl$TCXONC(r1, 0x540a, 0x2)
r5 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT2(r5, 0xc008aeba, 0x0)
r6 = syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x101000)
mmap$snddsp(&(0x7f0000ffe000/0x1000)=nil, 0x1000, 0x2, 0x11, r6, 0x6000)
r7 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCGIFPFLAGS(r7, 0x8935, &(0x7f0000000400)={'bridge0\x00'})
r8 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000140), 0x10040, 0x0)
writev(r3, &(0x7f0000000480)=[{&(0x7f0000000200)}, {&(0x7f00000002c0)}, {&(0x7f0000000300)="0d244e6a0dfe9b0f6f613ffc003d86d960f59e18c03d28842017e96c25076ed0ca8cd6a152ea7cb039872edbb6681a42eb5d9bd55fa6e0c43dacb196ec2db28eea9200a160eedecd6e89c60860d371f3a277ce5ea5f1ff5c9c29da9cf698ecf6fd5527dfb5edc3e1b7efe9170035996001d8fd70e73f7a96e72c1f859b45c15a5c1f97cb1ca43b52699610843415ee649b4b45d47a57921b794974bc34a6e479291ae8cddbbbacf0603e36e2cfeaa1bbcd56e13ca623af1824467e771e14ed848ecb203926d6539b12b686acc028b3d63b70adacf9c58f5cc14752241ff6cc928dd08893ae25d035ab131e3d2be5aa253fd25910f7cf1736da5ab9", 0xfb}], 0x3)
ioctl$TCXONC(r8, 0x540a, 0x0)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYRES8=r1, @ANYRES32=r1, @ANYRES64=r4, @ANYRESDEC=r5, @ANYRESOCT, @ANYRES8=r5, @ANYRES32=r0, @ANYRESOCT=r1, @ANYRESHEX=r5], 0xc)

2.736643913s ago: executing program 7 (id=1168):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa8300, 0x0)
r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r1, 0x40485404, &(0x7f0000000040)={{0x1}})
mmap(&(0x7f0000787000/0x4000)=nil, 0x4000, 0x5a051feb1f984a1d, 0x202812, r0, 0x7dfff000)

2.650302958s ago: executing program 9 (id=1169):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f0000000880)=ANY=[@ANYBLOB="44000000216b715e21ecef7697836a", @ANYRES16=r3, @ANYBLOB="00082abd7000fbdbdf25030000000500050005000000080003000100000008000400b7000000080002000100000005000500030000000800020001000000"], 0x44}}, 0x4000010)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={<r5=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000a00)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc02, @private1, 0xffffffff}, r5, 0x9dffffff}}, 0x48)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4c00000002060108000000000000000000230000140007800800114000000000b5e3cc050015002c00000005000400000000000900020073797a300000000010000300686173683a69702c6d61"], 0x4c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde4d"], 0x14}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f00000006c0)="6d0b1f4f38bdfad50659e830c28f177bb7f0eca4ece2d735069dc3d8310a66388073fdecd0c184c4fb25e7a64bdca2cc1e7b117a41fb1a7541723762a4d65d1e1f168504f697c6", 0x47}], 0x1, 0x9)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
accept4(r7, 0x0, 0x0, 0x800)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

2.632071677s ago: executing program 7 (id=1170):
r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="16010000415fbc108d0ea70031b50102030109022400014000000009040d0002ff00000009050402100000fa000905080240ffffffeb"], 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000df713820f0031d58381f010203010902240001000010000904e50002ff0107fe090585"], 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$inet6_sctp(0xa, 0x5, 0x84)
bind$inet6(r2, &(0x7f00000002c0)={0xa, 0x4e21, 0x0, @loopback, 0x9}, 0x1c)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r2, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r2, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
socket$caif_stream(0x25, 0x1, 0x4)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
read$proc_mixer(0xffffffffffffffff, &(0x7f00000000c0)=""/171, 0xab)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32=0x0, @ANYBLOB='?\x00\x00\x00\x00'], 0xa)

2.432471166s ago: executing program 8 (id=1171):
r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\x00\f\x00\x00\x00\a'], 0x0, 0x0, 0x0}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

1.7516995s ago: executing program 9 (id=1172):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x29202, 0x0)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000100)=0x50044)
ioctl$PPPIOCSFLAGS1(r1, 0x40047459, &(0x7f0000000400)=0x4000)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
connect$inet6(r2, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1c}, 0xd}, 0x1c)
fsync(r0)
sendto$inet6(r2, &(0x7f0000000500)="3e04a91d775b64", 0x7, 0x8001, &(0x7f0000001500)={0xa, 0x4e20, 0x9, @ipv4={'\x00', '\xff\xff', @local}, 0x8}, 0x1c)
write(r0, &(0x7f0000000000)="fb196dec69a10b2284f761", 0xb)
socket$inet6_tcp(0xa, 0x1, 0x0)

1.488328299s ago: executing program 9 (id=1173):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.time\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000005500)=[{{0x0, 0x0, &(0x7f0000004ec0)=[{&(0x7f0000003e00)="10", 0x1}, {&(0x7f0000003ec0)="0701989fb918162f00418f2ded69d8770cd53a18d5be7677332f5cee68953900277119a8c7ddee90a0a3ec88565788c6bebb371f963ce2ab1548dd34a4675985c297f75e9b3c25efcd2d513e6589c9b0f93ff96001e8b23500ab03cb54f8dc125aad73dcbccced2617af89d4efff579f40752bec39705f515ed1f4e544e71b546cfe82a29d48b5bb33f4d399b51dbc5d9ecf14d783fa148f85518748589c00fb20c3816fffb12f89273ee6dd7d8afa756182031d9564e48f82569355d46f36c6bc085659d78e04161ef23189c3b36c7a70fa622f1094d2c48f7580c2b91435583ca4b1d365d85690e12e12c328540c4b3cca5eb83d9cc715e759b190ac9cd25a932090c9b3b0eb02ee90f3730b4ff064caadea1d1901199f91ba870693d31bb825c984e668ff5d446189472ada557bc3a6d3856d825d3a354254b07e2051eac4ec145da95ff2bbb6aa61d82a9b5521270767727bf6f6f0fde50bb52808bd0298abd86b322d93a09a7a1adf968fd3a110454594c3574b053901b06c747743a6b82e879af55dbaa6d5913c5d64e2c7028be9fcfd4ae560fdf39573af17049d9f54f8d95343b0e7383c31ac5c536ae295b70256e57087b70f7805bcffb9dc1292adc04897c3116a423af54c303e519d3ceff46e916641a0c0d5ab3247f1521051a1feefba4076789f4caeea803142f323544c0cfc8a15649d258fac86bb191881999b56c3facc88d5e291ffe089fcf03334735f8c58164c2a9d11211eefd5df282c425d5426f50eaf9fa1d04627f335ae8a91236636df2727f3ac33986c583065056c02f0f607331f04e52584a450fc617a9776dbfda297fe3676e5459a87eb2f29289f072c930d26f13f7439a392e0340e6de5f140f1a30bd4cad609482cc8d4c8825fed5ca146dba5dcee38c2cc000a647365a630324066bb1d6f7001cc3c4dc522e05b98860b4fca21e6b215a1ce4e9894f239552b621d38e73577b14c46f4f0657633a13d75de27288f90eeb934b2d223eb35d13370bca00ce93174266cf2a8ed76112faff75bf3ca7fcbfd0e0f6eef7013c73d3a8a07249d3533d8ce42ee4417cd7cfc3b45edc564768a0446138ee21c9f74595eb01757382554b5f832b7ef3cc9b963e61b63488f42abe2a241599927a58d65bbc7d33f152293003b298dea2f43f6cc0f35b70921bef7c0c0647ca2cfcaba2e93cf48075d96b630412356f49b273f8ead8e9aedc66a5851ea7750fad712bc202dadacb8abc67bcd76ad985ad8f2cc59404ee86d5d1101e39da78c7a9c07cc70b9db7c1ef98d6c5913b6c4f779d00f0523eef6101cf6990c56ed63542d955c518f770834d5d60fbad3a366f971ff2567e9ccfd9753c7cb0784ed573a36f9398aec42aedfd7940408325fece059bde1928bd9464edd694e143c28f7dba5eac1f78faceaf0677a97d09bad6367c8c456772572c738d1fa889dba63faf19bfc3e03b44bbef381642f6617d8c14f2bb36285c3a0eb0da36964a6533421ab5ecd30fa04a6f10f7ad733fdf3f3e35889e1e503dd5a13812a9554d5f35f7ddaf72ccd0b30ad5b47b6a87911d941fe18f893c587b669b2da063e20b3207457ca54278056dbd72bac0fe5592e3012a492582b39b12fdd4c4e88f2ed6e0224382a7d3f29ab80674194a1f67e5a1403acf87d8dfed4a3d9e062437e31bd5575315c6d55cdb19d22246df5629020f886168bf334c1ef5eb56848a90e79a19b07b2d4df6240160bf4a1c76d5c0ff7cf58b5d9992456dad1c8e88bcd1057d0083cc4604600ee13d3f19563bd4d6a1a5089ee1abc00834802de770bd7198f389ee946f859021a82da42abaf6d49abd4e4af545f67ce9e7b799272e7831252e89ac9abe43b608496f58041f8f7d5de8a1245dd0f226ffde0f15f9abb8e46d4420c61e2536b501f1f8ee57fb1b75d6e2218e2a494a7732809511e72c0bd40acbf2468241ab76cec2337cec0eb005bf319e6d86494940d8a66713e1fbbefbac8fb7089accc37e591f579031c62711bf22997900f676d730b38e13871635298b73ebe91a57cc338bb92a4ece03df9faae72e1ac69cc83ace37b3f380fead74eb37a984880ee9eb055ef9c0b6d130e24dbef4e33628ac6abbc8165f362fed96f40ad9e5bd352e166950fb64de6e1183a6a6b86cc343d3155061201c902b15a565ac108b3dd1baf185212bf0b134ce1e6d462db05e3b7f87e69034fd7d9fe76385030c23bea8b59a0598bbe27724a7c871a854887a905a21cf310703bce1e6246e91bb30a2083fae4668c8ddc50013625176fef70c9aa18c1c74492551d51ab3ffa298612d33f91e577dc541011f324eca7c398e6b74fce1af1b0c423db64546402464d0883c362c5088e0d624d9a9322b8bbee54e135ae1de96e508c8446f8c5f1e688156a06933b7f3be63d7f270ccca99080bca99d1088bf72fb56c7e77c19adcfe73876bdf30303bf536be41fd0317de38d3ddbd81ad86185cce95af605fc93de14875edfc9ef573de8a78803f457c955b04b5450dfdf3a39e896af2a5f4af8bfe0b828a192ff07a3342637f814eb7752481f3fd14f7108b1c82753bc5b5b876f6a8dd9c21a389575f8f09f475a86302089771584afaf7b2b53a6b23f5bd35722c10ce7f0059130c602059f8c6ccc613aa5a125dd837e2c696b04e7281ac55db559356822ad3244a2863d058b9b5714dfd9da713b0e2f61f06ec7f7940577d5418d43caf2b052b1e730061bd33933ef148c2b17a6325fa5f9eea71edce16765c51dd0a74d85cd3c7853cf3e3ca466e709c82ca9127abc44d05958fd3c68b88ccef8a4d7610afcacf740bc41c742703294a74ccd0acb7d6a74fd7326d3d9982cee6d3a0913beabcddb88e94ccb11f8252b6e23eecb52d42838755a0bdb9cab9688e656c818899b72de26c8d4a9240ebcd96c4984ac4e767a47dc43110e46c7650f9bc80dde81a560a5bc353b62e1364bd6a3cc179f6ed7b9fa695aef78b79b34ce7c5ccaf6ea45be31783988cb7ac53edeeff64918460ba3329004b7f9e2c78e69ee83bcd4f6d690eb747e51c90eee2839ba3ced61a117369479603b7cc4eb87d61ac366cbdb68ba2018e011731c20fc1dc936496d0fa3632123ff257d19234ea21facae128a99eb33d53fa85402f8d75435e67bc00f4d12cecd7121ea7c9f906d1b9c6c3bf7f19898e06b4c22290f7c24b4b0f4a57cfbad711a1c20962c44b6809c2b0f2fcfd30c78d74b0db9f692541b424f70b730a8191d680d30449102deae40d92a8206d10f0e75f58117a7453c164590f3d8a1480d6d35edb050c2d2dea412e20777b05235cdb2c163e140c4abf34c77a128b6e32a2c8f172b405f75155f5d01ace08fc514a2a2f15ee4d081f0e419d0ada9d6257ea7c72863e81573851f961897dc174dafd758c7fccbe55a1ad6882d540c45fe875813c83bac24955e93c694ff0899378c2e8419a79603f40c104e3048157a56930ec7cb206c467342be29b0274efe40696527c28b924a7a5df443448a3290b6025737bd67c31a60ae308a9e0929f253ef990bd3fcbc41907e6a488dd77b6b59e2075fd8005199fe5109687ea3a4f82de2de7736ef59ca1b5942abb4d1428f75cdfb1ff527ef215b5771ecea9cf6856d206ceda649d4aa780ca6dbeaeba43e4ba269677332e9d0331435bb1cf2fed54d3f4e2977b4f3c0f56685f0dfedd3f51bc63340d9943c796db2192e568b60d383beb216dbe23d3885a183834cccfeb4b8fd8afdadcdfa906609d73be1e936454804a4709bd288f7d24cf1681ac4e65391948b1b69d643924b69b59f960cd6b1a6a3448e4e2a1de36f6c015fdd336ddf5332f58974915e3137c2886d1926325b39880c4750969b32855232b473c96d5aa172f969debc6e59d9e44b77ff19800821a277d5888775b24299696d78ffab4029e869f9474fc0a8c967992dae58b3e42679fae8714b1d72951c1a40b1ecb3475b4f06dd9cb3097d19bd79ef5ac65cdb7ba8a33ac84929e8f8b08d5868aaab43973ceede0e90c5733be627424826e396d7e383d5b3955bf84c57c8e6afc26ef982be5a6a490de038777502b1ff0fbda601939e7e4e928bcfcd88f5699e0ebb08eca126bf461f73401733e25cadced3d0c4c773807ec47440cc7d4f682fba8a7f52b5399120ec945bd5765ed470927538895f464c7e4b16073e3eb62d41bec2badcd2335bba8f8993f8cfc9020bbec333f3f6d4e7e85862e0221cdc591bc2fc57d9e04f35ab38ac0eb7a4e84a4c50e0ba0978cbc066aaa1c873af6d79cb0c5f7e8f7ab53f1135ab0b10d65ffd6c8099e2cc586c82a1dd52b5b4dab6c976c4d30a773441c609de9290b45345ca67ffeaf3b1c176c9692ffe84db0d01be7a8c5713ded2e061a18c648a96293b2b61919dff333048c1dacbd256f1a52fb51ac3913c79df435bd6052f5a4a56c0478954ba9bdc6136905aa3d7fc92ba21b683429e3374fdb393a63db4e7263f75df0594932929598ecd081acaec4cbd0fcc47520d1e732e2ee7b26894a85402386b5a2d8fd8bfa0dfb04613ac8ac15b673ec2448790ffbc9f1fe1bbc483ba576c0db8a19246798ee80e3ef7c80e347c5216cf0a737c317ef381b4e2e8c8e9fa57be425208455c7e51eb0734307e5aa80d030f32a3724e95943597a93ded32294f0386a2be0522d40804692f181b7812363d31da5fed14c2e2e014ff0f89783c47cfefa81f0d92847c915ca41017e2e607b993d45a8b66ab2b5586d888d768268401d8fa9578b555a869e8173fa723ff96b32b0dd1c6e79d2a8f109b739bbd8ad3de0ecda7b7b674c7b4a7f377c476649671333c9b16ebe23ed3446421f1b90baa7c7ddf1d19dc17377cddd026ad98b397dd8ab1d82b6517379c5dce8e05d3740057f22ae8e502f704e17d0e61e1001ce9e82ec8261297190b29be274b24ffc40c674d7fea89239d3beeb26d8a920bafc00a1b74aa7ee7a04e2f2db237df4216d9ffe4a3db3843a5fe72452922b54638628678cdd15afa951071d79c8f06f5b97c7e95846b2cd295e11280adb17b2be95790c2485c9ad8552fc293f3c210ea411442fbf40d53e3e9aaca3976df32a554966392ec00f9ede1ba28ca09b3c7bccb315409748f6304316c91ff28a1fc87d5a0500d377924f36b94b99e9423507d83fd0334c4ef9e1f5420cb6d63502775735449a2e2d71febf73ad19239842b18bc2ffe711d304cd762aca80242e8fcfebaca2409d4f2fbebbc78d909415abcd6d4dff96e27b10b5cadd812682f2480ab02291a1a846762c44553dbe6ac68ab37c064723ce8640373cda966cd9623ddde217b90a9ebb25e86d731e12c6755b1d2818fc69faf9dd3d8766d564af89e839c51e32052f2c24e66718cb0dbdad176b77fa4bcb308a591fbda455685842651615df73ec21d146be972b5c3ce45306bd398f60f31548fd528c1646dba5b02f78d3d58e44c6e703fd1d76a5fac213fc92cfd12d8b59a315c783fcdc25cfa880e70c9cf4086ade7ddf89866033b3d15d425d6d826f2cb3d9cf9fc6ffee9b6af9c62b3c02edd93b20461013535cb7decc864bd4343f2c2ef69a468889775a35167122076c2d2cba996f702b732818b1a502382bca21f9e4da850932560f148e87dbc6d870a0640ee98a9863de9aedbcbe10b7ee038e7c23b1ed68cfaface5d70df10ce3197afd8ff4fe6b2a1eecaee87dde9889df96fc7058f76be530fb15214ed64695e197877db03eb1012cb24d8fd71f89da8d64b3bd8c4466b5209bf3dbcd193a067d2", 0xffd}], 0x2}}, {{&(0x7f0000004f00)=@un=@abs={0x0, 0x0, 0x4e24}, 0x80, 0x0}}], 0x2, 0x20000854)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
write$ppp(r0, 0x0, 0x0)
unshare(0x2c020400)
msgget$private(0x0, 0x240)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(0xffffffffffffffff, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef8, 0x2], [0x0, 0x1], [0x6, 0xffffdfff, 0x0, 0x0, 0x0, 0x0, 0xb, 0xfffffffd]], '\x00', [{0xfffffffc, 0xf8}, {}, {0xffffffff}, {0x0, 0x4, 0x0, 0x1}, {0x3, 0xffffffff}, {0x2000001}, {}, {0x0, 0x4}, {}, {0x2}, {}, {0xfffffff8}], '\x00', 0x1, 0x0, 0x0, 0xf8})
msgsnd(0x0, &(0x7f0000000180)=ANY=[], 0x2000, 0x0)
mremap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1000, 0x0, &(0x7f0000ffd000/0x1000)=nil)
msgrcv(0x0, &(0x7f00000004c0)={0x0, ""/4}, 0x2000, 0xffffff7f00000000, 0x3000)
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000000)=0x10)
syz_init_net_socket$rose(0xb, 0x5, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r4, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r5 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r5, 0x8914, &(0x7f00000000c0)={'syzkaller1\x00', @broadcast})
ioctl$sock_inet_SIOCADDRT(0xffffffffffffffff, 0x890b, &(0x7f00000003c0)={0x0, {0x2, 0x4e1a, @rand_addr=0x64010100}, {0x2, 0x4a23, @initdev={0xac, 0x1e, 0x1, 0x0}}, {0x2, 0xce25, @multicast2}, 0x204, 0x0, 0x0, 0x0, 0x2008, 0x0, 0x200003, 0x2, 0x2})
write$tun(r4, &(0x7f00000003c0)=ANY=[@ANYBLOB="080000fa"], 0xdc)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
ioctl$KVM_SET_MSRS(r8, 0x4008ae89, &(0x7f0000000180)=ANY=[@ANYBLOB="01000000000000006902"])

1.300873926s ago: executing program 5 (id=1174):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$nl_generic(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001000)=ANY=[@ANYBLOB="240000001e00050300000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\t\x00'], 0x24}, 0x1, 0x0, 0x0, 0x4a841}, 0x0)
openat$rnullb(0xffffffffffffff9c, &(0x7f0000000000), 0x103200, 0x0)

930.044713ms ago: executing program 5 (id=1175):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x8000}})
read$FUSE(r1, &(0x7f0000000200)={0x2020, 0x0, <r2=>0x0}, 0x2020)
open(&(0x7f00000000c0)='./file0\x00', 0x1f, 0x1800)
write$FUSE_INIT(r1, &(0x7f0000002280)={0x50, 0x0, r2, {0x7, 0x9, 0x7fffffff, 0x4092200c, 0x9, 0x2, 0x9, 0x0, 0x0, 0x0, 0x10}}, 0x50)
read$FUSE(r1, &(0x7f0000004580)={0x2020, 0x0, <r3=>0x0}, 0x2020)
write$FUSE_INTERRUPT(r1, &(0x7f0000002240)={0x10, 0xffffffffffffffda, r3}, 0x10)
close_range(r0, 0xffffffffffffffff, 0x0)

715.660441ms ago: executing program 5 (id=1176):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_DEL(0xffffffffffffffff, 0x2, 0xffffffffffffffff)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
getsockopt$inet_tcp_int(r1, 0x6, 0x17, 0x0, &(0x7f0000000400))
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_open_pts(0xffffffffffffffff, 0xd2180)
ioctl$VT_SETMODE(0xffffffffffffffff, 0x5602, &(0x7f0000000880)={0x5, 0x96, 0x81, 0x1, 0x5})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, &(0x7f0000000180)={0x14, &(0x7f0000000040)={0x20, 0x5, 0xef, {0xef, 0x1, "4384e12b10d20c80324ed2b876f8ca942c29c5be22e9e9d7bf1027a6b53fc20eba3c8323c35d3a524af33aaf8431f0337ea1b75ab82d556a140ca6db6f8533a65fae1e066ea36e46d0c18582992f076ea2cd91221c160c4136dadfc1e1c591f9363ccba13d0d204ed3ed08249978e8e3c7d94fd0576c4ec2cc149dba4e383ea9b3098abf4e7122db209fc997ddf3efa913bad99bfbcd2a07c89c11627160b92871f34f9103904c00e15d5f85c85ef65b7c02b1f0307c13ce524594d9c4ea2da283c54f6e6cc22be6b2f7b35def159712a4beb35abea308908cc6d0eb85fc39f75bf994fa867ac20ca1d43779b5"}}, &(0x7f0000000140)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x9}}}, &(0x7f00000003c0)={0x44, &(0x7f00000001c0)={0x20, 0x7, 0x26, "296936945781153d1024e7efc3e197274d31c74af6be6caacf3107f0968cc85b9781ba9d3526"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000280)={0x20, 0x81, 0x1, '\f'}, &(0x7f00000002c0)={0x20, 0x82, 0x2, "6de6"}, &(0x7f0000000300)={0x20, 0x83, 0x3, "e95087"}, &(0x7f0000000340)={0x20, 0x84, 0x1, "d2"}, &(0x7f0000000380)={0x20, 0x85, 0x3, "8afa92"}})
socket$xdp(0x2c, 0x3, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x400000000000004)
writev(r2, &(0x7f0000019440)=[{&(0x7f0000000200)="480000001400190d7ebdeb75fd0d8c562c84d8c033ed7a80ffe0090f000060000000a2bc5603ca00000f7f89000000200000004a2471083ec6991778581acb6c0101ff0000000309", 0x48}], 0x1)
read(r2, &(0x7f00000005c0)=""/134, 0x86)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000540)={0x14, &(0x7f0000000440)={0x20, 0x21, 0x84, {0x84, 0x1, "247558d13483effa206bc2c287825b6cd5e232446a34fdbd1d57798685813f8403557cac5a4423380decec7bd199aeb92593531eed65b7774d1d30c8ef7c8452e9068f7dd71ea3907e16911fb26c9e5825bcd05d173e7ed1e744e7be88cfb6fe9a806fc038c60534337f4ba332f0c2b1b6a1e5e7f67645e1a50883f76c0c5808a5ed"}}, &(0x7f0000000500)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000800)={0x44, &(0x7f0000000580)={0x20, 0x14, 0x9d, "d99116cd297771f5608238f4ffd9e93b210f1a32081a2a85a501f167e480505cf435b608c2433c54232abd0ad168254ca3ba8e57a070e6958831290908b89b6a3532e792b60b6505f3b0ddcaf3a125db8bee9310da1c83300edafb4637d4067c894b1bb1bf17116596ebacf5816b0db7d6d11eb921dafd0f2557301c3341bab79659ce89c8302af1a23c9767b5dd993b6b60eae89ca29c8d81badd353e"}, &(0x7f0000000640)={0x0, 0xa, 0x1}, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x9}, &(0x7f00000006c0)={0x20, 0x80, 0x1c, {0x9, 0x9, 0x76, 0x4, 0x6, 0xa, 0x7, 0x3ff, 0x9, 0x1, 0x5, 0x3}}, &(0x7f0000000700)={0x20, 0x85, 0x4, 0x4}, &(0x7f0000000740)={0x20, 0x83, 0x2}, &(0x7f0000000780)={0x20, 0x87, 0x2, 0x7e2}, &(0x7f00000007c0)={0x20, 0x89, 0x2}})
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000004dc0)={0x2c, &(0x7f0000004b00)={0x40, 0x7}, 0x0, 0x0, 0x0, 0x0})
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f0000000b80)={'ipvlan0\x00', &(0x7f00000008c0)=@ethtool_per_queue_op={0x4b, 0xe, [0x3, 0x81, 0x2, 0x7, 0x4, 0xb, 0x8, 0x8, 0x5, 0x5, 0x71, 0x2, 0x5, 0x66, 0x4, 0x200, 0x3, 0x7, 0x800, 0x7, 0x200, 0x5, 0x6, 0x7, 0x5c, 0x200004, 0x6, 0x9, 0x4, 0xef, 0x5, 0x1, 0xff, 0x98000000, 0x4, 0x0, 0xffff, 0x8000, 0x1ff, 0x3, 0xe8, 0x1, 0x9, 0x40, 0x100, 0xffff0001, 0xfffffeff, 0xebf, 0xfffff606, 0x2, 0x23c, 0xffffff01, 0x57, 0x7, 0xd9, 0x401, 0x2, 0x800, 0x9, 0x0, 0x1, 0x7, 0x7fff, 0x6, 0x4, 0xffffffff, 0xc4, 0x800, 0xf79, 0x6, 0x5, 0x6, 0x0, 0x8, 0x7, 0x9b800, 0x10, 0x72d3, 0x10, 0x8, 0x10000, 0x6, 0x80, 0x5, 0x80000001, 0x5, 0x7, 0x9, 0xf422, 0x2, 0x38000000, 0xfffffff9, 0x800, 0xf, 0x40, 0x1000, 0x4, 0x3, 0x1, 0x43, 0xdf8e, 0x400, 0x2, 0x4, 0x142d, 0x6, 0xaf, 0x603, 0x2, 0x3, 0x8001, 0x3, 0xffffff80, 0x2, 0x0, 0x7fffffff, 0x9, 0x7, 0x0, 0xb, 0x609c55f4, 0x9, 0x5, 0xe50, 0x6, 0x6, 0x97, 0x6], "f80b1be1d745797cbfa2bd4b753fd858fea30b686c6a9b440ce8a0112c6a4b6ba4a9b1d3d8ab01f074222ca3c5f0d87a818733605ec4e14fbdba8a300f00eec181ee72222f854590adb5d34120201ba822bb6abeea2267d341813fd1512f69be37108e6fc82d182752ef073e37c37a16500930daefdaae8090f23bb29ac109d45673d0dc88ba380a8bec81b3b9b810c72058ed91aded6ad6988a0010174f72124bb3c332"}})

517.021834ms ago: executing program 8 (id=1177):
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x200002, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r0, &(0x7f0000000140)={0x28, 0x0, 0x0, @my=0x1}, 0x10)
connect$vsock_stream(r0, &(0x7f0000000040)={0x28, 0x0, 0x2710}, 0x10)
r1 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_REQBUFS(0xffffffffffffffff, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x7})
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0)
ioctl$VIDIOC_G_PARM(0xffffffffffffffff, 0xc0cc5615, &(0x7f0000000f00)={0x7, @output={0x0, 0x1, {0x7, 0x7}, 0x8de, 0x6ed8}})
syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)}], 0x1}, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15)
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000200)={0x10, 0x1, 0x3, "bc57499e007105bf0000000100000000e40300", 0x4f565559})
r3 = socket(0x840000000002, 0x3, 0x100)
connect$inet(r3, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000001000)={'vcan0\x00', <r4=>0x0})
sendmsg(0xffffffffffffffff, &(0x7f0000001140)={&(0x7f00000010c0)=@can={0x1d, r4}, 0x80, &(0x7f0000001040)=[{&(0x7f00000011c0)="a86fd2c19dd2394d725e62627174a21ba98649121d8c393e6188b2b4a1258c241c9c8755c49d2ef67dcd1882806c519309d4becc86202a00fa04a5b499ebb70da3e7caa54d458ef5be1f40a9ae639a288476d82d7f01aa54e98146372ecfbddf5e1fc42f40e32d229211e210f9e24b01a7491f4d", 0x74}, {&(0x7f00000012c0)="ed789931d15b362ec4644fae1de0be78cde68c383e45c007892aab84b9ae4db6fbb5bf5586bc13c7fd5bf8ddc60c38d84c4c008208138b7f0d31ef41424876d1d129cba6a96a23b750a2123306", 0x4d}], 0x2}, 0x2400c040)
sendmmsg$inet(r3, &(0x7f0000005240)=[{{0x0, 0x0, 0x0}, 0xfffffdef}], 0x4000095, 0x0)
r5 = socket$netlink(0x10, 0x3, 0x0)
writev(r5, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
readv(r2, &(0x7f0000000040)=[{&(0x7f0000000540)=""/4114, 0x1012}], 0x1)
setsockopt(r2, 0x2, 0x5, &(0x7f0000000240)="d8089b40933c16447a5a0815760c147da363dcbc284bc1ce3233a27866051c27fc1af633384c5215bc6c0e38693ed1b4419cbbb8c444479f66d28af46a900121bf5a539bac8cc7c9d1687dbb9d5850642f4640041962229c9031560da0d8b55c6e42fdb8eed137ced16e15aba3b1bcabbcaf1e8bed9aa61dbe974b57b73dc16e29a4eb4296b8e771a44819610e18ed65d8c1302c5daff53bc36b31b8df65a3c7d2c83976e9e34de190fb4ddc3eef4a3c4dc0d8558854e955a4c1612e9a707b14d51825c2a55d94c4e71a750fe2b988989a25eca56d2f2e63bbfdfde19d2a5a466f63c968a51889a5af3bc4dff1af682917f64b3b6513df28b18e7e214544dfb3635bbe217c574bf2e814e962cc06a5b3d645f076d90edca7de8da7ee82528e86641d591a175470bbed189d926831dc0749c2943b682d3f6b0d92b65dc69928aabbe966052446ce690391ff0dbbe8d726c508e98741b8adc4e177be00c83c6c3f1a52bccca925b73cd31851e9d5a4c05d79ec0b16ebda5fe7babbcfc54a0ba4352b9553be16fe07db6e841056e1724e40a9f365d81a841597104500858396d7a81a7a91ab5339000bbab0fdb55f021b2ba938f4bc1c70ca8827cce798a69a9fad6288cb38d1ee7124b61bdcb24154cdc6f47d6bdf01ffbc8757a8b571fc9ec5d3c1ab1d6456df77c27c814e74d61cbc04b6edc96beaf7abfc9664e76308b19d886c3a628ac250598f04a758b545ac94805417f4f0301d6e7ecd2f5ce81c03a554a08709bd7af4597e7c75f771be7a786a1984a0cca6428c229b628a98aaeef4ce531f906db87c35345491ce864e67c06aa9148e3ae2cdd1bd7f607a3842cf45af2e61487cc457fc271fe98d340cddb90fa3f70ee4176af4ea6f7690b7eef2cbbc78701f43633eef1b54c9f439031cbfe5d1e64d17025e9e6eadf9787ae6e2930d9bfd8f1265e14ee6008d019eddd4fb06ef5a7eab0e76d6913c11bd9e8d155e8a6ea7f0e38e543e9cf63c788a4a62455b5c8013b9d2770b2fbc027294ef03c3f66be0bf0198e87061d07009c48aea039e94f1d77a144c1a3a2eae392dda7ae48eccef64b34f37d83bf7e341255352eeea494490eadeaca6fe5166d6f226c0c1699879d9994dc4e15699433f3ea1a59b407a8c2c77eca857157b7a57949b18c0e8cde2ec46e52fe73b5e60427b4713170bc49e5bf68097a5e7c3d2b313ca2e1a23c568360b922dc0b9d168c2473fe7821bf51fd7218ba0fedbb4c6d70f879b631e2dfd1125388825e1020c08f9e8cbfa157e0dab8771a2a9fdad0a26bad22cc77bcf38eb725ed1c7a100ad063463be0959168484d0ca12a62f5ebe8ecada4a141559ab2627d0c5b2a9a98efa93424d72d8767abedcbeed3cf958c601c395ee9871f1af3f2ab8da527ab3cd5853073e436cead0b8da85ad7f80a6d1f68d5a62931e18269c2ab41557d4eb2b63992ff5a68ec6c1ac802319c0ff08de7ce7c0f2ff5073157d61d850d05c192e181846f386b6e70358da980a4c39fe4fb53cdc67785ceb97f18356646ad497caee2db1571c77d5974ed63d902b7da046c34a2ce49c834626281d47da27aa8e1b88f8c05fae6e3ab958662800ac8de92d51df4be53c23a3ffdd5116e41e7b50ac37968aff057ca2cdc9b768c5abc1448ca4b3e7dc994e350f7a6304a7d7fd8e7c907521939670905e73ce402f8f47027be54803a86d38ba5e014827c739c618ebf29ba79459b70c67903e92c5af22203945e8860d0aeb4896be211bae0990c24cff05df55d46a573ec74288564900742c473f369a4cde6a7ae31dbcd493800ea76fd4615569827897d2aaa18aa694e6a9caf0af8e801436b7a43ad561b5b73c8069c64a064e5bd087ce4fd9e47f8d5e8cc2081b09eaf296a704f1c3096b1caa08134026e0050d4dc31205cf709f9883d0f7c9a895e6e867394a9e0e16cc2261e16c169d1bcfe5c8d61007c9edd87810650daeb882c947e71452a62b0a5646d1286cf284e625b6b0d076cafa6df99af6a841d3ae4be7d35f8e14aee74f010a218707ecc6ffe85dec9006fafba98e9ad041905ba33bb65bd9c76905fc00e961afc5c3253086c4635792808ce926a2ee8cf0fb79360ab386b51e8dc9c6b8a6b22e29332eb3812388f8f41e2fc4c5abb79ae907d231a6d0a4a343b1251450f849ad7a60abfd3ff36263ef4aad306203f23e9d714a1e756bc22e9fbfa37053344f22e03d0c3e2267f68ef4946328115b0e7d3e43ffb4e377400b10b1862a2b5f335ab7e0c9465f76d4c34f818a9e438a11eda0966ea2b9fe1d34eaeec71b27458ac4e66a27bf4e24ada913ba6db7cf16d400ddc92d099c6b42fa4538e8579a49f2a7287d54a13f38b14a40efebb0774355958665485afd43114ea153cc2e65429064e4d6f22bcac3bd6aae65523f12cca150e5d234d063822e8415ae4dd423531db6583a51bb52aaf114322d9205a98ed28f00a40e0b6ca9676235e4977107a2f39ac48686793c8755547ed6f58e7179eb3ed3dc1a0b4ccf5898725822d69bc33a332a5e2865c71760031712f154a397fac593c263546b77aec16537727569281cde313819df782d782abfdd51682075558968c8c31a480daf8c4c16af1131a11e5a7d432354894ecf7fd25239dd732bd35fa2f61664923de04ea66d3d5e32c398b95d74f7c40b3c76b506958f51c1bb2b338ed719b53f635a644e4d90cf6d8752556aa3143358f83cc9c99411cdd728a87e6930985e8c31ce584f31b2f41c94ed5ea9c68b285f0b90d460a7223dcdfec5615bae7e8812b32af7b54c74690b342e83bdfc6f4fa0484b05941d783aad9c6382c407f2d38499910567d8599c5cef5ffbfbf328f531225937d8ffde056ba2989bdb9835d2610fe7e4692dbd44907c9b7246bfa319f3aabce89f6d54cb6536937cc48602641b22f0286d1c0ef13e0446c088b9f2ea18cecf4142f121991757b50ddaab6f2392ffe297b788a40a0ed2a47ebc967c453dd105a4aa7cdb74bce83c07624f74ca252df21230f8678ad6bdd94dc04ef35658f5a1cf99549da0622501352ba7936d30ce6b1574aa05e38610de0c709b153c1c35f14ef8b175a12b7b0491996958f8aa99034c7a50bf3d2c0a83605e3377f7d461f41edadad0f57e2e818df4186944277d3f7bc227c2498358c2accc836dcdacbf5c3db12204437fe0350c4dea060bbae243903d7d751384a0438c0018a8320b36e4d2f55289d0e0b185e560444d26384270fb8aa52e4347fb067d71cdc400951f799549bb6cd01132cc80447a8f069c212ed197ed42771f82ececb61541550f0c372255ff22b77f1094476497c45f9380310525d962283c0bf17a946024ababe754616eac171683fa11775bd7a1c814966a78fccd527637f61c67668bb43be186300924214d0a21d1826c1024a25ece07b606070bc906c97f03326e44860b9ba8f82af3c6122558db9a46d434b65d49ccc23e65a8c3a74349d682d4bcbde2467918d69fb42e3268ff6a265675980a35b5af9b8b183902b817e7df02ebdc75819d32461051798305af8b5183e638ac300624ab8b41f272cad2359fb0621d5f04f6ac0c254e4a4c3c2d1eadbc99773464da8f3403a747a564cd0f2faceb6cad31c917d1a2ade3fc410d5d622cf056d6b3bf162ee2bd24770440b68a7db4ca2f4fe726c3ef0f28f0138305b0f3a9e8c5eea1129efbae9c7ea7df0c8f3b8d8cf581edb70a0504decdcbd5a6cd12c93286ba92cbbd8e2bf1a7921e6c5736fef19473d07f09e55099b8adcb73e0ed68f0d05ed2ae9e2533138b0f68910b25030eba2d9e48f9f728a5e15e7f8cdddedd68190a7d40b0b297d021f7fd5a57dc5079f32f4f706dba401c808f805038d24886e20f388c49ce063e04f0414c2b7449ccf1ffd68549ef29b89b27ba4d138795590c43ecb3a6f015340094e4bbfced992255e222551c5d01e31deecf63ce08085ac8f80743275de48b7757bf8d7de134904c9559f9690ed49dc5d3e65b03471630942a7144daf964f7665404b92ae599bd029510fdc751e701a4573a4c037584c08412927863416423ad90570f06c99cdbf4fcd37307f0857f7c302dc56cd389b3c538f2e842af334826c9d152189bd6c9c7a534281579fafc03da5f9fb1d1c6058db6a2a216f628c7b83b99b729f52ebdffdd95f5049d48ea939ca3b0f5a3e962a23b5ea36dd25a51e1ec4ff9203e038813015edeae5cc9ad541b0974b52e7e198e8999c86c3b0db75477abe7b6c4868468694041b16b1c1160d573ae5d4f16a89af8b6dd8d55b930821a2bedbb580ea1f4b53c16a66c033b8ddc2e2a8f31a3f76c22a560bac520a82767c452388ac6eaa14211dee3db8b17f476c1e5e4f2793ec60145f4858147d656ddbbc55eef248bb2315cb7542c72e7fd15e0563d101e46ee08b9bb89094459cc778cdafc6593e3c47bbe9f9db28cb05fdaaf04cc9f40d13fcf8b0777af382be34a3f5c72584036e58e50c38af092308a3327347f08f1ac7d87bc630ad29e72014390e91d669bf65475dc6591261f18db3b404aabd2def4aca0ef34f1b33ac69272a832eb8330dfe48ff268a972b1281cb6931d0bea708942a6cd1c6cda4e713f728860abb41f128d5e08a3aebdd4c5641fea8cd41fb456e33b17de67e57ea720c8677ed3605ed1d53940afd5b6fa9a8e01a708cb98c027ab71f5ecc83d3d24338b368507e0aa9726bb92121bfbe1a138a7b8fd248011a9fadacf5aadea1a8f0736c3ec5a2ebf6a3e9d878fe4ae3ae3fe112ace4cf34931cf9ee502a86a61737be1d0dd44d6337428105dd6198aed62479bdb5be205bf5cdcccbfe5fc823e03081e682ce500308c6798c8f4164b4dfdffc9a543a48889d46056d32abdeee7f9858eec511a18c6f3428d8483b4f2d442ca3b8f935fa1262008e7ee40a6f549cca8324a471448aed2f07f13f7257632b6f7bf3815067537f518d6783517dcbad7f2ee09acb8e2b3382f77cee29567d6514b9e123a3271baadc92f011f9ad6858d00fed7138102dcb33379311b7cafcf1143c4785d22bdc3000c33ddae823007db87defac747ce21d4280a50a34992eb91403cffecb485fa3821c083ff4d29b23618e48e6fc2aa057a123b1b81c5c9fb7a657ae4203c70d65963f47a15e49ddebcfe29ffe6275a953de60bb48b6faca5ee4faa0b600ee7ce9f96cd71189b3a3214c90cee13e6a9ef619eedaaa2c187993279c9044d1f5f3ff68ead8d4d765d22a4dbba8f0333c8133b06bc0e285630d6e50e65e52962385eb4fbfb490d8df94ba0ba57158bf9f284eb9cc7868bf332a6a9a7573717e65419eea17b878ba75da21600361caa6d47ab1c83689a0325aa0d440a1a2388b5a98e31c0ebdad9b533d9d794db882fa0cd680e23a5959245b9ee60c8414883e660f7895323ad22ceb6766284ecf764e0529ca790ff9b8620345824911bfb06b2b758647bf526bd7d97042a04c89caba0d4988797296331bc22ee16560370638e7601e8b6291a836644711c43ccf9b7819a42ac93a3a450cbde386dbea532ca7fe88240afdcf87dc9acd0d87985301341b97ef45b28e08d137ddb6bbb810a1294f852ea3b6e47588cdb17a0683db65e7bdeca7d94163c71fcb04020b50589dcf77cf9e2d9ebbfb792b7a352c6df43290096ad87c459d262987a5b933c95b2f890b94e60b75bad82", 0xfc0)
setxattr$incfs_metadata(&(0x7f0000000080)='./cgroup\x00', &(0x7f0000000100), &(0x7f0000000140)="74ea764075c3715576c459a04d16a8833fea8c4253dfba795ed1002e456e8217b556f85e123f18315e5d391706094a67827cfb4947ee440f24033e37ad80b33379ec4cb6caadbe4480441fbef94516286a202c5d71", 0x55, 0x2)
r6 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r6, 0x84, 0x7, &(0x7f0000000080)={0x7}, 0x4)
openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x240, 0x0)

448.689109ms ago: executing program 9 (id=1178):
r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r1, &(0x7f00000016c0)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd52a44fec4f6f1a6f65158bb6911c295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2971f29d9364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b42a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e807df4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfdb0c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681a03007e871befae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22f3bb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed49dcfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7c5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cf8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46070039116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fb930e7a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4bc700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4305531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r1, 0x0)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r3 = dup(r2)
getsockopt$inet_int(r3, 0x0, 0x13, 0x0, &(0x7f0000000c80))
write$P9_RSTATu(r0, &(0x7f0000000580)=ANY=[@ANYBLOB="580400007d0300000517030040000000000000000000080000000000000000000000000000000002000008000000000000001b00046e6f6465767b65766f6f7e2539c60005000037d93a8b92000000600275aff540c602007dfa673effeb09b5351f5bde054000000000187b8200b500002b595fcb14034354b9fd9ef196a51cd5157adc8103b494e165e12cea48597c664646c9a70f3e49253371c0423877458ce943c5ef03b914651fa3b84f41696b90141623d7c143441930dff256f6e8d4835d9b3ba5a7744b50be209678378326184f4ac3e0c3681bb95075f3847d2b732cd9bd96fb984d84e69ba9922793d2638486d6780e0b852365f038b00c11c5d4590843bc72a59fa4a373129e32382a15cf6c885709fa1a73448d94de89651ec28c3bdcc3d3b959bd7ed071ab5a5be0fa291cf115abf084c7bdfa150cb8e4aae2cebf987b2248806b459b5a5fdd5aa5bb90a57ee1f4e3544bd6d1b4ca137975738080c468674a6b73a3df28256e070033212c277b1dc17581f4c6dddef3aae3ad6dcaedf4f67fdd3794832f894d106c9e8dfcd263cc09c05c15e6c4bfb0df6d5ad607ee0705eacc8a20aafefc22885fb61ef57bc80c3054027460f647d123d48a5ffc6738abe1c940099678452dca5cc176b6b66dca565ee78325b921646ea0d8600f1e2f7dfcd060d4b7fef2e0cdd3745e909a14aa035703e86dd95b3c824f3e7b24fb287fe8b3e3197732f2638aec8d6fa59da7c144b3a1245b2b35210a0e6c3ab21eea23a4de23f2718a08228f12648af5b29f91db227e7afa034df13c5fbf106b97a3002484b4abbf7168c3321833fee63399ad1ebb7dd07bd7748c8387f6d504bfb9882c928b4195baf7b835aa7006e4b3d8b751ece41fc818bc5eeee69732e2129143003c2c8934b2040504f75b790abf355c4167e5d8ed3f4b46b627f0bb803a39000000000000000000000000001400cfc26dd7c500f04cd85f2a70f5e9930e3c5db45a5500f8f669fb716dcf315ecaf385409ac65b9408678c2c3b9e1d52c36cde7ba4a400b4b0b4f174a666a8529a451b3407dbdab2884baf050000000000000047ec21cabff20f9c1cbe36f4fd1a4cc280e8e289da649a37002c016f6465762f6eb17b2300f9daa5ee23266ecf85fea65e42d979a3fde5f475daf03b1172d97badc7095afd76fe4f0441f7f7741eac030000ecff0000dba0c2f7f09ff53c7e4d1ad66e2d070198019f30118447aa9a74f51685f506ae894806878267d5a1298d792c4a37f2e1cbbd2482929a0d8972b5cf732ea5b0d723859dba3f93aed3b42ee7cac07de09d1d68a60333a882467d2b31aacdf9188549b1125d6c4c9b18c2fb56c57d7dc626e4390796a1eb48274669ab13f8b11d146059f310e2634d593fec65d529f382066664df244e4c90570a70049f399f061f75b7797ce1fe11ea919609d51a41dd3de304bd7c7ed0a456f0ae12516105c9ce887df5a6e0b6a77d596cf88ba6e5c6397c7d5021d7989528fd1739e1c2d87fff00"/1100, @ANYRES32=0x0, @ANYRES32=0x0, @ANYRES32=0x0], 0x458)

304.370873ms ago: executing program 9 (id=1179):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
vmsplice(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="63d2447dbe", 0x5}], 0x1, 0x8) (async)
r1 = accept$unix(0xffffffffffffffff, &(0x7f0000000100), &(0x7f0000000180)=0x6e) (async, rerun: 32)
r2 = gettid() (rerun: 32)
r3 = getuid()
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000000580)={0x0, 0x0, <r4=>0x0}, &(0x7f00000005c0)=0xc)
sendmmsg$unix(r1, &(0x7f0000000640)=[{{&(0x7f00000001c0)=@abs={0x1, 0x0, 0x4e22}, 0x6e, &(0x7f0000000540)=[{&(0x7f0000000280)="44a3f001d58f31202fcb54ac3ffc601d21f7b34d49b2f98c639af735a6a7bf78c5fdc242928a4ac6971c4e9ad0b73f64a3f1be3d7b9105105d3e5c73dd8bb2ef1f05a8a9f32c19fa15a4b865ea274f9b1bccf085da639e8d67154b36409ab9ccea2a4be18ac4affa0712cc5239cdd88bc23bd5b7bbb4d96288d7f97636ae8ac99fbe89f3b40b5fc9b150fd4768f67a1c1defd652e6dc231e1b45b0803d71fa5dd4ae333567ed516e798059632cd25764526ddd46aa865c7dbe3cc774352f1705bf10f168071b39a64f1f74b945a1395996bcc2fc95cfb4dfbb25", 0xda}, {&(0x7f0000000380)="36cf21c8fe58735dbf3c2e513eaf4601050380a4b983aecd9354914ab6bafe0d70d3c955026517842141cf6d124dbb46ab7ec8001921b9561738e05257f28da0294500e4c8e684216f482fffdd8e691c85e6804c4b094a87c18f40305d521c8cc28016fbbdeff65bda2b52a2c5e7c4ca16190ee8f3cc9eaa2f162b6b04ad6b18661aeaaabbd1dc90f1f5d65b9ff31fdc4a1cdbe49df02970530f649db4", 0x9d}, {&(0x7f0000000440)="ad6eedb00a61b607234537fee1933d11320f383221116df2e4e7e960459f92e9194f761928021e145ca5123c824b7d6fc4ac8fcf0d04139bafd9fbf0df2a1b6aa3bcd7ce31e8a9aa9c8ab4c31047aaf51c431d7aeba1a63c5965b333fd7ec836e59c0369b105375a9f698922735a83d8ff95ab2d583d011f6c4223a43812e7b1bba033906ef35aa0ad306cb469de5614ed8b89a3ad7d1a921373fac2b127c59ea8a4e57b654fc10918eca303105ab0523dac47f17d52568417fdc7bdd0fea30a0468ec35a9c5a5f0dc26b8c8d638d1cf27907ed73d5471dc893a6557325ec4327af05db2d8f4a12ddc5045f6c0b0ed6878833ce25d091a8e", 0xf8}], 0x3, &(0x7f0000000600)=[@cred={{0x1c, 0x1, 0x2, {r2, r3, r4}}}], 0x20, 0x4001}}], 0x1, 0x400c850) (async)
r5 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0xcae00)
read(r5, 0x0, 0x0) (async, rerun: 32)
mount(&(0x7f0000000000)=@rnullb, &(0x7f00000000c0)='./cgroup\x00', &(0x7f0000000040)='squashfs\x00', 0x208002, 0x0) (rerun: 32)

0s ago: executing program 9 (id=1180):
r0 = openat$rnullb(0xffffffffffffff9c, &(0x7f0000000040), 0x28200, 0x0)
read(r0, &(0x7f0000000100)=""/159, 0xfffffe5a)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000002c0)={'wlan0\x00'})
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x64}}, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="0900000000000000000002000000140001800500020001"], 0x28}}, 0x0)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f00000007c0)={&(0x7f0000000580)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000640)={&(0x7f0000000880)=ANY=[@ANYBLOB="44000000216b715e21ecef7697836a", @ANYRES16=r3, @ANYBLOB="00082abd7000fbdbdf25030000000500050005000000080003000100000008000400b7000000080002000100000005000500030000000800020001000000"], 0x44}}, 0x4000010)
r4 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r4, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x14, &(0x7f0000000140)={<r5=>0xffffffffffffffff}, 0x106, 0x9}}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(r4, &(0x7f0000000a00)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4e24, 0x40003, @mcast1}, {0x2, 0xfff9, 0xc02, @private1, 0xffffffff}, r5, 0x9dffffff}}, 0x48)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000800)=ANY=[@ANYBLOB="4c00000002060108000000000000000000230000140007800800114000000000b5e3cc050015002c00000005000400000000000900020073797a300000000010000300686173683a69702c6d61"], 0x4c}}, 0x0)
sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)=ANY=[@ANYBLOB="14000049c7d958aec852291f8d579d42e00dd17ef2eb4391d549352765a17a009b924eb9253e1a1f38b839f78d1da58950bb0816e22dde4d"], 0x14}}, 0x0)
vmsplice(0xffffffffffffffff, &(0x7f0000000340)=[{&(0x7f00000006c0)="6d0b1f4f38bdfad50659e830c28f177bb7f0eca4ece2d735069dc3d8310a66388073fdecd0c184c4fb25e7a64bdca2cc1e7b117a41fb1a7541723762a4d65d1e1f168504f697c6", 0x47}], 0x1, 0x9)
r6 = socket$nl_generic(0x10, 0x3, 0x10)
r7 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r7, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f00000013c0)={'wlan1\x00', <r9=>0x0})
sendmsg$NL80211_CMD_FRAME(r6, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r8, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r9, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0)

kernel console output (not intermixed with test programs):

b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  247.244305][ T8314] RSP: 002b:00007f5903574038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  247.244323][ T8314] RAX: ffffffffffffffda RBX: 00007f59029b6080 RCX: 00007f590278e929
[  247.244341][ T8314] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000006
[  247.244351][ T8314] RBP: 00007f5903574090 R08: 0000000000000000 R09: 0000000000000000
[  247.244361][ T8314] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  247.244371][ T8314] R13: 0000000000000001 R14: 00007f59029b6080 R15: 00007fffea89e8a8
[  247.244399][ T8314]  </TASK>
[  247.636242][ T8313] fido_id[8313]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/6-1/report_descriptor': No such file or directory
[  247.890086][ T8318] netlink: 8 bytes leftover after parsing attributes in process `syz.7.849'.
[  248.177319][ T8324] Can't find a SQUASHFS superblock on rnullb0
[  248.304019][ T8330] FAULT_INJECTION: forcing a failure.
[  248.304019][ T8330] name failslab, interval 1, probability 0, space 0, times 0
[  248.342882][ T8330] CPU: 0 UID: 0 PID: 8330 Comm: syz.5.851 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  248.342907][ T8330] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  248.342916][ T8330] Call Trace:
[  248.342923][ T8330]  <TASK>
[  248.342931][ T8330]  dump_stack_lvl+0x189/0x250
[  248.342954][ T8330]  ? __pfx____ratelimit+0x10/0x10
[  248.342978][ T8330]  ? __pfx_dump_stack_lvl+0x10/0x10
[  248.342997][ T8330]  ? __pfx__printk+0x10/0x10
[  248.343022][ T8330]  ? __pfx___might_resched+0x10/0x10
[  248.343038][ T8330]  ? fs_reclaim_acquire+0x7d/0x100
[  248.343065][ T8330]  should_fail_ex+0x414/0x560
[  248.343090][ T8330]  should_failslab+0xa8/0x100
[  248.343112][ T8330]  kmem_cache_alloc_noprof+0x73/0x3c0
[  248.343131][ T8330]  ? skb_clone+0x212/0x3a0
[  248.343151][ T8330]  ? __pfx__raw_read_unlock_irqrestore+0x10/0x10
[  248.343185][ T8330]  skb_clone+0x212/0x3a0
[  248.343205][ T8330]  ? netlink_broadcast_filtered+0x64b/0x1140
[  248.343227][ T8330]  netlink_broadcast_filtered+0x659/0x1140
[  248.343267][ T8330]  netlink_broadcast+0x37/0x50
[  248.343288][ T8330]  kobject_uevent_net_broadcast+0x378/0x560
[  248.343315][ T8330]  kobject_uevent_env+0x55b/0x8c0
[  248.343337][ T8330]  ? kobject_put+0x43f/0x480
[  248.343359][ T8330]  device_release_driver_internal+0x6e4/0x7c0
[  248.343388][ T8330]  proc_disconnect_claim+0x2e1/0x350
[  248.343411][ T8330]  ? rcu_is_watching+0x15/0xb0
[  248.343431][ T8330]  ? __pfx_proc_disconnect_claim+0x10/0x10
[  248.343450][ T8330]  ? trace_contention_end+0x39/0x120
[  248.343515][ T8330]  usbdev_ioctl+0x131b/0x20c0
[  248.343544][ T8330]  ? __pfx_usbdev_ioctl+0x10/0x10
[  248.343567][ T8330]  ? __fget_files+0x2a/0x420
[  248.343589][ T8330]  ? __fget_files+0x3a0/0x420
[  248.343610][ T8330]  ? __fget_files+0x2a/0x420
[  248.343636][ T8330]  ? bpf_lsm_file_ioctl+0x9/0x20
[  248.343653][ T8330]  ? __pfx_usbdev_ioctl+0x10/0x10
[  248.343672][ T8330]  __se_sys_ioctl+0xfc/0x170
[  248.343695][ T8330]  do_syscall_64+0xfa/0x3b0
[  248.343710][ T8330]  ? lockdep_hardirqs_on+0x9c/0x150
[  248.343732][ T8330]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.343748][ T8330]  ? clear_bhb_loop+0x60/0xb0
[  248.343769][ T8330]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  248.343785][ T8330] RIP: 0033:0x7fcd7498e929
[  248.343800][ T8330] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  248.343814][ T8330] RSP: 002b:00007fcd727f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  248.343832][ T8330] RAX: ffffffffffffffda RBX: 00007fcd74bb5fa0 RCX: 00007fcd7498e929
[  248.343845][ T8330] RDX: 0000200000000000 RSI: 000000008108551b RDI: 0000000000000003
[  248.343856][ T8330] RBP: 00007fcd727f6090 R08: 0000000000000000 R09: 0000000000000000
[  248.343866][ T8330] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  248.343876][ T8330] R13: 0000000000000000 R14: 00007fcd74bb5fa0 R15: 00007fffe1e0e3a8
[  248.343904][ T8330]  </TASK>
[  249.063582][ T8339] Can't find a SQUASHFS superblock on rnullb0
[  249.244401][ T8342] netlink: 'syz.8.855': attribute type 4 has an invalid length.
[  250.992493][ T8361] netlink: 1320 bytes leftover after parsing attributes in process `syz.8.861'.
[  251.022179][ T8361] netlink: 38740 bytes leftover after parsing attributes in process `syz.8.861'.
[  251.543164][ T8369] Can't find a SQUASHFS superblock on rnullb0
[  251.712471][   T10] usb 9-1: new high-speed USB device number 7 using dummy_hcd
[  251.728257][ T8370] netlink: 'syz.5.865': attribute type 4 has an invalid length.
[  251.872161][   T10] usb 9-1: Using ep0 maxpacket: 32
[  251.928955][   T10] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  251.972127][   T10] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  252.011617][   T10] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.063216][   T10] usb 9-1: config 0 descriptor??
[  252.084388][   T10] hub 9-1:0.0: bad descriptor, ignoring hub
[  252.090336][   T10] hub 9-1:0.0: probe with driver hub failed with error -5
[  252.153872][   T10] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  252.382541][ T5837] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1
[  252.397411][ T5837] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9
[  252.408234][ T5837] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9
[  252.423706][ T5837] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4
[  252.431817][ T5837] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2
[  252.906178][ T8373] chnl_net:caif_netlink_parms(): no params data found
[  253.421081][ T8373] bridge0: port 1(bridge_slave_0) entered blocking state
[  253.452802][ T8373] bridge0: port 1(bridge_slave_0) entered disabled state
[  253.460148][ T8373] bridge_slave_0: entered allmulticast mode
[  253.494319][ T8373] bridge_slave_0: entered promiscuous mode
[  253.523934][ T8373] bridge0: port 2(bridge_slave_1) entered blocking state
[  253.549826][ T8373] bridge0: port 2(bridge_slave_1) entered disabled state
[  253.582700][ T8373] bridge_slave_1: entered allmulticast mode
[  253.590511][ T8373] bridge_slave_1: entered promiscuous mode
[  253.770471][ T8373] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  253.804975][ T8373] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  253.975717][ T8373] team0: Port device team_slave_0 added
[  253.996247][ T8373] team0: Port device team_slave_1 added
[  254.164485][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_0
[  254.171468][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.253974][ T8373] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  254.278649][ T8373] batman_adv: batadv0: Adding interface: batadv_slave_1
[  254.287169][ T8394] hfs: can't find a HFS filesystem on dev rnullb0
[  254.313888][ T8373] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  254.432203][ T8373] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  254.502866][ T5835] Bluetooth: hci9: command tx timeout
[  254.602515][ T5903] usb 9-1: USB disconnect, device number 7
[  254.648264][ T8403] Can't find a SQUASHFS superblock on rnullb0
[  254.706306][ T8373] hsr_slave_0: entered promiscuous mode
[  254.728005][ T8373] hsr_slave_1: entered promiscuous mode
[  254.746863][ T8373] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  254.767487][ T8373] Cannot create hsr debugfs directory
[  254.777263][ T8406] netlink: 'syz.7.873': attribute type 4 has an invalid length.
[  254.962396][ T5864] usb 6-1: new high-speed USB device number 28 using dummy_hcd
[  255.162292][ T5864] usb 6-1: Using ep0 maxpacket: 16
[  255.204147][ T5864] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  255.250863][ T5864] usb 6-1: config 64 has no interface number 0
[  255.262413][ T5864] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  255.302211][ T5864] usb 6-1: config 64 interface 13 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  255.344457][ T5864] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  255.385477][ T5864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.412298][ T5864] usb 6-1: Product: syz
[  255.416513][ T5864] usb 6-1: Manufacturer: syz
[  255.421112][ T5864] usb 6-1: SerialNumber: syz
[  255.501567][ T5864] option 6-1:64.13: GSM modem (1-port) converter detected
[  255.618271][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  255.618339][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  255.706667][ T5864] usb 6-1: USB disconnect, device number 28
[  255.718828][ T5864] option 6-1:64.13: device disconnected
[  255.729127][ T8373] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  255.790750][ T8373] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  255.835141][ T8373] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  255.861566][   T30] audit: type=1326 audit(1750688706.830:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8420 comm="syz.8.879" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f989578e929 code=0x0
[  255.911622][ T8373] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  256.162568][ T5864] usb 6-1: new full-speed USB device number 29 using dummy_hcd
[  256.289838][ T8373] 8021q: adding VLAN 0 to HW filter on device bond0
[  256.345480][ T5864] usb 6-1: config 0 has an invalid interface number: 229 but max is 0
[  256.376543][ T5864] usb 6-1: config 0 has no interface number 0
[  256.385141][ T8373] 8021q: adding VLAN 0 to HW filter on device team0
[  256.397427][ T5864] usb 6-1: config 0 interface 229 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  256.437638][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[  256.444874][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[  256.513180][ T5864] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  256.536602][ T5864] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  256.552966][ T5864] usb 6-1: Product: syz
[  256.563362][ T5126] bridge0: port 2(bridge_slave_1) entered blocking state
[  256.570547][ T5126] bridge0: port 2(bridge_slave_1) entered forwarding state
[  256.578552][ T5864] usb 6-1: Manufacturer: syz
[  256.582440][ T5835] Bluetooth: hci9: command tx timeout
[  256.594776][ T5864] usb 6-1: SerialNumber: syz
[  256.633187][ T5864] usb 6-1: config 0 descriptor??
[  256.710246][ T8373] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  256.883252][ T5864] qmi_wwan 6-1:0.229: probe with driver qmi_wwan failed with error -22
[  256.959207][ T5864] usb 6-1: USB disconnect, device number 29
[  257.309068][ T8373] 8021q: adding VLAN 0 to HW filter on device batadv0
[  257.492194][   T24] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  257.674888][   T24] usb 9-1: Using ep0 maxpacket: 32
[  257.695066][   T24] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  257.720104][   T24] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  257.753287][   T24] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.785903][   T24] usb 9-1: config 0 descriptor??
[  257.804067][   T24] hub 9-1:0.0: bad descriptor, ignoring hub
[  257.817245][   T24] hub 9-1:0.0: probe with driver hub failed with error -5
[  257.837865][   T24] usbhid 9-1:0.0: couldn't find an input interrupt endpoint
[  258.078493][ T8373] veth0_vlan: entered promiscuous mode
[  258.117732][ T8373] veth1_vlan: entered promiscuous mode
[  258.207569][ T8373] veth0_macvtap: entered promiscuous mode
[  258.241521][ T8373] veth1_macvtap: entered promiscuous mode
[  258.359218][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_0
[  258.409465][ T8373] batman_adv: batadv0: Interface activated: batadv_slave_1
[  258.479971][ T8373] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  258.512310][ T8373] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  258.521044][ T8373] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  258.537720][ T8457] netlink: 6012 bytes leftover after parsing attributes in process `syz.5.887'.
[  258.563700][ T8373] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  258.583097][ T8457] netlink: 38740 bytes leftover after parsing attributes in process `syz.5.887'.
[  258.654195][ T5835] Bluetooth: hci9: command tx timeout
[  258.845364][ T1165] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.893049][ T1165] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  258.956433][ T5126] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  258.996584][ T5126] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  259.293693][  T982] usb 6-1: new high-speed USB device number 30 using dummy_hcd
[  259.460087][ T8472] FAULT_INJECTION: forcing a failure.
[  259.460087][ T8472] name failslab, interval 1, probability 0, space 0, times 0
[  259.494371][  T982] usb 6-1: Using ep0 maxpacket: 16
[  259.502193][ T8472] CPU: 1 UID: 0 PID: 8472 Comm: syz.7.892 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  259.502237][ T8472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  259.502259][ T8472] Call Trace:
[  259.502273][ T8472]  <TASK>
[  259.502287][ T8472]  dump_stack_lvl+0x189/0x250
[  259.502333][ T8472]  ? __pfx____ratelimit+0x10/0x10
[  259.502367][ T8472]  ? __pfx_dump_stack_lvl+0x10/0x10
[  259.502385][ T8472]  ? __pfx__printk+0x10/0x10
[  259.502409][ T8472]  ? __pfx___might_resched+0x10/0x10
[  259.502433][ T8472]  should_fail_ex+0x414/0x560
[  259.502458][ T8472]  should_failslab+0xa8/0x100
[  259.502480][ T8472]  __kmalloc_cache_noprof+0x70/0x3d0
[  259.502499][ T8472]  ? ovs_flow_tbl_init+0x57/0x800
[  259.502524][ T8472]  ovs_flow_tbl_init+0x57/0x800
[  259.502545][ T8472]  ? __kmalloc_cache_noprof+0x230/0x3d0
[  259.502563][ T8472]  ? ovs_dp_cmd_new+0x1ac/0xaf0
[  259.502590][ T8472]  ovs_dp_cmd_new+0x24b/0xaf0
[  259.502625][ T8472]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  259.502656][ T8472]  ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0
[  259.502689][ T8472]  genl_family_rcv_msg_doit+0x215/0x300
[  259.502720][ T8472]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  259.502756][ T8472]  ? bpf_lsm_capable+0x9/0x20
[  259.502774][ T8472]  ? security_capable+0x7e/0x2e0
[  259.502796][ T8472]  genl_rcv_msg+0x60e/0x790
[  259.502825][ T8472]  ? __pfx_genl_rcv_msg+0x10/0x10
[  259.502845][ T8472]  ? ref_tracker_free+0x63a/0x7d0
[  259.502864][ T8472]  ? __pfx_ovs_dp_cmd_new+0x10/0x10
[  259.502888][ T8472]  ? __pfx_ref_tracker_free+0x10/0x10
[  259.502919][ T8472]  netlink_rcv_skb+0x208/0x470
[  259.502940][ T8472]  ? __pfx_genl_rcv_msg+0x10/0x10
[  259.502964][ T8472]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  259.503001][ T8472]  ? down_read+0x1ad/0x2e0
[  259.503021][ T8472]  genl_rcv+0x28/0x40
[  259.503041][ T8472]  netlink_unicast+0x75b/0x8d0
[  259.503068][ T8472]  netlink_sendmsg+0x805/0xb30
[  259.503117][ T8472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  259.503139][ T8472]  ? aa_sock_msg_perm+0x94/0x160
[  259.503156][ T8472]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  259.503178][ T8472]  ? __pfx_netlink_sendmsg+0x10/0x10
[  259.503197][ T8472]  __sock_sendmsg+0x21c/0x270
[  259.503216][ T8472]  ____sys_sendmsg+0x505/0x830
[  259.503240][ T8472]  ? __pfx_____sys_sendmsg+0x10/0x10
[  259.503266][ T8472]  ? import_iovec+0x74/0xa0
[  259.503286][ T8472]  ___sys_sendmsg+0x21f/0x2a0
[  259.503308][ T8472]  ? __pfx____sys_sendmsg+0x10/0x10
[  259.503362][ T8472]  ? __fget_files+0x2a/0x420
[  259.503382][ T8472]  ? __fget_files+0x3a0/0x420
[  259.503413][ T8472]  __x64_sys_sendmsg+0x19b/0x260
[  259.503434][ T8472]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  259.503462][ T8472]  ? __pfx_ksys_write+0x10/0x10
[  259.503479][ T8472]  ? rcu_is_watching+0x15/0xb0
[  259.503501][ T8472]  ? do_syscall_64+0xbe/0x3b0
[  259.503519][ T8472]  do_syscall_64+0xfa/0x3b0
[  259.503533][ T8472]  ? lockdep_hardirqs_on+0x9c/0x150
[  259.503556][ T8472]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.503571][ T8472]  ? clear_bhb_loop+0x60/0xb0
[  259.503590][ T8472]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  259.503605][ T8472] RIP: 0033:0x7f590278e929
[  259.503620][ T8472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  259.503634][ T8472] RSP: 002b:00007f5903595038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  259.503651][ T8472] RAX: ffffffffffffffda RBX: 00007f59029b5fa0 RCX: 00007f590278e929
[  259.503663][ T8472] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  259.503677][ T8472] RBP: 00007f5903595090 R08: 0000000000000000 R09: 0000000000000000
[  259.503687][ T8472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  259.503696][ T8472] R13: 0000000000000000 R14: 00007f59029b5fa0 R15: 00007fffea89e8a8
[  259.503723][ T8472]  </TASK>
[  259.504070][ T5902] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  259.506198][  T982] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  259.702576][ T5902] usb 10-1: Using ep0 maxpacket: 16
[  259.752919][  T982] usb 6-1: config 64 has no interface number 0
[  259.825147][ T5902] usb 10-1: config 64 has an invalid interface number: 13 but max is 0
[  259.859198][  T982] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  259.943401][  T982] usb 6-1: config 64 interface 13 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  259.981835][  T982] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  259.982127][ T5902] usb 10-1: config 64 has no interface number 0
[  260.000049][  T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.009571][  T982] usb 6-1: Product: syz
[  260.019713][  T982] usb 6-1: Manufacturer: syz
[  260.028742][  T982] usb 6-1: SerialNumber: syz
[  260.030397][ T5902] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  260.060693][  T982] option 6-1:64.13: GSM modem (1-port) converter detected
[  260.083880][ T5902] usb 10-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  260.119076][ T5902] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  260.142263][ T5902] usb 10-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  260.161691][ T5902] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.185078][ T5902] usb 10-1: Product: syz
[  260.191454][ T5902] usb 10-1: Manufacturer: syz
[  260.206890][ T5902] usb 10-1: SerialNumber: syz
[  260.277487][ T8480] Bluetooth: MGMT ver 1.23
[  260.288035][ T5902] option 10-1:64.13: GSM modem (1-port) converter detected
[  260.298774][ T8480] FAULT_INJECTION: forcing a failure.
[  260.298774][ T8480] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  260.319168][ T8480] CPU: 1 UID: 0 PID: 8480 Comm: syz.8.895 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  260.319191][ T8480] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  260.319202][ T8480] Call Trace:
[  260.319209][ T8480]  <TASK>
[  260.319216][ T8480]  dump_stack_lvl+0x189/0x250
[  260.319239][ T8480]  ? __pfx____ratelimit+0x10/0x10
[  260.319263][ T8480]  ? __pfx_dump_stack_lvl+0x10/0x10
[  260.319281][ T8480]  ? __pfx__printk+0x10/0x10
[  260.319320][ T8480]  should_fail_ex+0x414/0x560
[  260.319345][ T8480]  _copy_to_user+0x31/0xb0
[  260.319364][ T8480]  simple_read_from_buffer+0xe1/0x170
[  260.319392][ T8480]  proc_fail_nth_read+0x1df/0x250
[  260.319411][ T8480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  260.319430][ T8480]  ? rw_verify_area+0x258/0x650
[  260.319449][ T8480]  ? __pfx_proc_fail_nth_read+0x10/0x10
[  260.319466][ T8480]  vfs_read+0x1fd/0x980
[  260.319491][ T8480]  ? __pfx___mutex_lock+0x10/0x10
[  260.319507][ T8480]  ? __pfx_vfs_read+0x10/0x10
[  260.319529][ T8480]  ? __fget_files+0x2a/0x420
[  260.319555][ T8480]  ? __fget_files+0x3a0/0x420
[  260.319576][ T8480]  ? __fget_files+0x2a/0x420
[  260.319607][ T8480]  ksys_read+0x145/0x250
[  260.319630][ T8480]  ? __pfx_ksys_read+0x10/0x10
[  260.319647][ T8480]  ? rcu_is_watching+0x15/0xb0
[  260.319671][ T8480]  ? do_syscall_64+0xbe/0x3b0
[  260.319690][ T8480]  do_syscall_64+0xfa/0x3b0
[  260.319704][ T8480]  ? lockdep_hardirqs_on+0x9c/0x150
[  260.319727][ T8480]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.319743][ T8480]  ? clear_bhb_loop+0x60/0xb0
[  260.319763][ T8480]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  260.319779][ T8480] RIP: 0033:0x7f989578d33c
[  260.319794][ T8480] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  260.319808][ T8480] RSP: 002b:00007f9896534030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  260.319825][ T8480] RAX: ffffffffffffffda RBX: 00007f98959b5fa0 RCX: 00007f989578d33c
[  260.319837][ T8480] RDX: 000000000000000f RSI: 00007f98965340a0 RDI: 0000000000000003
[  260.319848][ T8480] RBP: 00007f9896534090 R08: 0000000000000000 R09: 0000000000000000
[  260.319858][ T8480] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  260.319868][ T8480] R13: 0000000000000000 R14: 00007f98959b5fa0 R15: 00007ffdcc204348
[  260.319895][ T8480]  </TASK>
[  260.550344][    C1] vkms_vblank_simulate: vblank timer overrun
[  260.692532][  T982] usb 6-1: USB disconnect, device number 30
[  260.730108][  T982] option 6-1:64.13: device disconnected
[  260.736830][    T9] usb 10-1: USB disconnect, device number 2
[  260.814600][ T5835] Bluetooth: hci9: command tx timeout
[  260.830442][    T9] option 10-1:64.13: device disconnected
[  260.849901][   T24] usb 9-1: USB disconnect, device number 8
[  260.945238][ T8482] netlink: 48464 bytes leftover after parsing attributes in process `syz.8.896'.
[  261.126643][ T8486] Can't find a SQUASHFS superblock on rnullb0
[  261.183286][  T982] usb 6-1: new full-speed USB device number 31 using dummy_hcd
[  261.198105][ T8486] netlink: 'syz.8.898': attribute type 4 has an invalid length.
[  261.232877][    T9] usb 10-1: new full-speed USB device number 3 using dummy_hcd
[  261.357737][  T982] usb 6-1: config 0 has an invalid interface number: 229 but max is 0
[  261.367811][  T982] usb 6-1: config 0 has no interface number 0
[  261.386715][  T982] usb 6-1: config 0 interface 229 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  261.413118][    T9] usb 10-1: config 0 has an invalid interface number: 229 but max is 0
[  261.438092][    T9] usb 10-1: config 0 has no interface number 0
[  261.448522][  T982] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  261.469655][    T9] usb 10-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  261.488358][  T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.502311][  T982] usb 6-1: Product: syz
[  261.506506][  T982] usb 6-1: Manufacturer: syz
[  261.524954][  T982] usb 6-1: SerialNumber: syz
[  261.530423][    T9] usb 10-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  261.551886][    T9] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  261.563850][  T982] usb 6-1: config 0 descriptor??
[  261.581446][    T9] usb 10-1: Product: syz
[  261.586968][    T9] usb 10-1: Manufacturer: syz
[  261.598158][    T9] usb 10-1: SerialNumber: syz
[  261.618173][    T9] usb 10-1: config 0 descriptor??
[  261.778670][  T982] qmi_wwan 6-1:0.229: probe with driver qmi_wwan failed with error -22
[  261.806914][  T982] usb 6-1: USB disconnect, device number 31
[  261.844011][    T9] qcserial 10-1:0.229: Qualcomm USB modem converter detected
[  261.866794][    T9] usb 10-1: Qualcomm USB modem converter now attached to ttyUSB0
[  261.901883][    T9] usb 10-1: USB disconnect, device number 3
[  261.924307][    T9] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  261.958311][    T9] qcserial 10-1:0.229: device disconnected
[  262.716662][ T8509] netlink: 48464 bytes leftover after parsing attributes in process `syz.8.906'.
[  262.945934][ T8512] Can't find a SQUASHFS superblock on rnullb0
[  262.996202][ T8512] netlink: 'syz.8.907': attribute type 4 has an invalid length.
[  263.324623][ T8518] block device autoloading is deprecated and will be removed.
[  263.992204][   T24] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  264.155506][   T24] usb 9-1: Using ep0 maxpacket: 16
[  264.179306][   T24] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  264.205918][   T24] usb 9-1: config 64 has no interface number 0
[  264.225796][   T24] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  264.254446][   T24] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  264.301370][   T24] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  264.354779][   T24] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  264.371192][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  264.401159][   T24] usb 9-1: Product: syz
[  264.411261][   T24] usb 9-1: Manufacturer: syz
[  264.437769][   T24] usb 9-1: SerialNumber: syz
[  264.478526][   T24] option 9-1:64.13: GSM modem (1-port) converter detected
[  264.550109][ T8533] netlink: 48464 bytes leftover after parsing attributes in process `syz.5.915'.
[  264.664529][   T24] usb 9-1: USB disconnect, device number 9
[  264.678200][   T24] option 9-1:64.13: device disconnected
[  264.736291][ T8535] Can't find a SQUASHFS superblock on rnullb0
[  264.755723][ T8535] netlink: 'syz.5.916': attribute type 4 has an invalid length.
[  264.993115][ T8541] NILFS (rnullb0): couldn't find nilfs on the device
[  265.172403][   T24] usb 9-1: new full-speed USB device number 10 using dummy_hcd
[  265.336807][   T24] usb 9-1: config 0 has an invalid interface number: 229 but max is 0
[  265.355308][   T24] usb 9-1: config 0 has no interface number 0
[  265.361471][   T24] usb 9-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  265.397193][   T24] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  265.422116][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.430160][   T24] usb 9-1: Product: syz
[  265.442157][   T24] usb 9-1: Manufacturer: syz
[  265.446779][   T24] usb 9-1: SerialNumber: syz
[  265.475943][   T24] usb 9-1: config 0 descriptor??
[  265.632119][   T30] audit: type=1326 audit(1750688716.600:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8536 comm="syz.9.917" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75c878e929 code=0x0
[  265.696224][   T24] qcserial 9-1:0.229: Qualcomm USB modem converter detected
[  265.734040][   T24] usb 9-1: Qualcomm USB modem converter now attached to ttyUSB0
[  265.760387][   T24] usb 9-1: USB disconnect, device number 10
[  265.808275][   T24] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  265.846758][   T24] qcserial 9-1:0.229: device disconnected
[  266.862684][  T979] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  267.024379][  T979] usb 10-1: Using ep0 maxpacket: 8
[  267.044843][  T979] usb 10-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d
[  267.068810][  T979] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  267.093800][  T979] usb 10-1: Product: syz
[  267.109250][  T979] usb 10-1: Manufacturer: syz
[  267.123757][  T979] usb 10-1: SerialNumber: syz
[  267.142198][   T24] usb 6-1: new high-speed USB device number 32 using dummy_hcd
[  267.154867][  T979] usb 10-1: config 0 descriptor??
[  267.164532][  T979] gspca_main: sonixj-2.14.0 probing 0c45:613a
[  267.291191][   T24] usb 6-1: device descriptor read/64, error -71
[  267.520731][ T8565] Can't find a SQUASHFS superblock on rnullb0
[  267.542320][   T24] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  267.563506][ T8565] netlink: 'syz.8.926': attribute type 4 has an invalid length.
[  267.702740][   T24] usb 6-1: device descriptor read/64, error -71
[  267.778011][  T979] gspca_sonixj: reg_r err -32
[  267.787327][  T979] sonixj 10-1:0.0: probe with driver sonixj failed with error -32
[  267.812606][   T24] usb usb6-port1: attempt power cycle
[  268.163666][   T24] usb 6-1: new high-speed USB device number 34 using dummy_hcd
[  268.192850][   T24] usb 6-1: device descriptor read/8, error -71
[  268.442451][   T24] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  268.486009][   T24] usb 6-1: device descriptor read/8, error -71
[  268.506791][  T982] usb 10-1: USB disconnect, device number 4
[  268.620060][   T24] usb usb6-port1: unable to enumerate USB device
[  269.232125][ T5926] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  269.396578][ T5926] usb 10-1: Using ep0 maxpacket: 16
[  269.415512][ T5926] usb 10-1: config 64 has an invalid interface number: 13 but max is 0
[  269.434346][ T5926] usb 10-1: config 64 has no interface number 0
[  269.451005][ T5926] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  269.480138][ T5926] usb 10-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  269.513580][ T5926] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  269.538828][ T5926] usb 10-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  269.552092][ T5926] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  269.570733][ T5926] usb 10-1: Product: syz
[  269.580646][ T5926] usb 10-1: Manufacturer: syz
[  269.590795][ T5926] usb 10-1: SerialNumber: syz
[  269.618372][ T5926] option 10-1:64.13: GSM modem (1-port) converter detected
[  269.732163][    T9] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  269.833246][   T24] usb 10-1: USB disconnect, device number 5
[  269.853104][   T24] option 10-1:64.13: device disconnected
[  269.906785][    T9] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  269.990376][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.009421][    T9] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  270.035306][    T9] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  270.059614][    T9] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  270.087672][    T9] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  270.103776][    T9] usb 9-1: Manufacturer: syz
[  270.119709][    T9] usb 9-1: config 0 descriptor??
[  270.295080][  T982] usb 10-1: new full-speed USB device number 6 using dummy_hcd
[  270.344636][ T8579] capability: warning: `syz.8.932' uses deprecated v2 capabilities in a way that may be insecure
[  270.484410][  T982] usb 10-1: config 0 has an invalid interface number: 229 but max is 0
[  270.525556][  T982] usb 10-1: config 0 has no interface number 0
[  270.545173][  T982] usb 10-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  270.588862][    T9] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[  270.598648][  T982] usb 10-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  270.618345][  T982] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.627471][    T9] appleir 0003:05AC:8243.000E: No inputs registered, leaving
[  270.642162][  T982] usb 10-1: Product: syz
[  270.646440][  T982] usb 10-1: Manufacturer: syz
[  270.670271][    T9] appleir 0003:05AC:8243.000E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0
[  270.692397][  T982] usb 10-1: SerialNumber: syz
[  270.703238][  T982] usb 10-1: config 0 descriptor??
[  270.848221][    T9] usb 9-1: USB disconnect, device number 11
[  270.927694][  T982] qcserial 10-1:0.229: Qualcomm USB modem converter detected
[  270.952604][  T982] usb 10-1: Qualcomm USB modem converter now attached to ttyUSB0
[  270.991957][  T982] usb 10-1: USB disconnect, device number 6
[  271.016816][  T982] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  271.041115][  T982] qcserial 10-1:0.229: device disconnected
[  271.579050][ T8596] netlink: 'syz.9.939': attribute type 29 has an invalid length.
[  271.640465][ T8596] netlink: 'syz.9.939': attribute type 29 has an invalid length.
[  271.672865][ T8596] netlink: 'syz.9.939': attribute type 29 has an invalid length.
[  271.701786][ T8596] netlink: 'syz.9.939': attribute type 29 has an invalid length.
[  271.782140][   T24] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  271.955754][   T24] usb 9-1: Using ep0 maxpacket: 8
[  271.973808][   T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  272.001636][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  272.035110][   T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  272.093067][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  272.142739][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  272.198579][   T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  272.208040][  T979] usb 10-1: new high-speed USB device number 7 using dummy_hcd
[  272.217750][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  272.272965][   T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  272.303540][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  272.323307][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  272.363395][   T24] usb 9-1: config 168 descriptor has 1 excess byte, ignoring
[  272.372452][  T979] usb 10-1: device descriptor read/64, error -71
[  272.383383][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11
[  272.408025][   T24] usb 9-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  272.433113][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  272.457502][   T24] usb 9-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  272.516464][   T24] usb 9-1: string descriptor 0 read error: -22
[  272.532305][   T24] usb 9-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  272.568524][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  272.599349][   T24] adutux 9-1:168.0: ADU100  now attached to /dev/usb/adutux0
[  272.622724][  T979] usb 10-1: new high-speed USB device number 8 using dummy_hcd
[  272.661038][ T8612] netlink: 24 bytes leftover after parsing attributes in process `syz.7.944'.
[  272.763303][  T979] usb 10-1: device descriptor read/64, error -71
[  272.815826][   T24] usb 9-1: USB disconnect, device number 12
[  272.873686][  T979] usb usb10-port1: attempt power cycle
[  273.222525][  T979] usb 10-1: new high-speed USB device number 9 using dummy_hcd
[  273.252737][  T979] usb 10-1: device descriptor read/8, error -71
[  273.412641][   T24] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  273.506473][  T979] usb 10-1: new high-speed USB device number 10 using dummy_hcd
[  273.536702][  T979] usb 10-1: device descriptor read/8, error -71
[  273.592141][   T24] usb 6-1: Using ep0 maxpacket: 32
[  273.607532][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  273.629123][   T24] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  273.649386][   T24] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  273.669692][  T979] usb usb10-port1: unable to enumerate USB device
[  273.677524][   T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  273.707153][   T24] usb 6-1: config 0 descriptor??
[  273.719733][   T24] hub 6-1:0.0: USB hub found
[  273.928846][   T24] hub 6-1:0.0: 1 port detected
[  274.481848][ T8621] netlink: 8 bytes leftover after parsing attributes in process `syz.8.947'.
[  274.508812][ T8621] netlink: 8 bytes leftover after parsing attributes in process `syz.8.947'.
[  274.569662][ T8621] netlink: 12 bytes leftover after parsing attributes in process `syz.8.947'.
[  274.571650][   T24] hub 6-1:0.0: activate --> -90
[  274.787560][  T979] usb 6-1: USB disconnect, device number 36
[  275.111793][ T8623] FAULT_INJECTION: forcing a failure.
[  275.111793][ T8623] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  275.186070][ T8623] CPU: 0 UID: 0 PID: 8623 Comm: syz.9.948 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  275.186095][ T8623] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  275.186105][ T8623] Call Trace:
[  275.186112][ T8623]  <TASK>
[  275.186119][ T8623]  dump_stack_lvl+0x189/0x250
[  275.186144][ T8623]  ? __pfx____ratelimit+0x10/0x10
[  275.186168][ T8623]  ? __pfx_dump_stack_lvl+0x10/0x10
[  275.186186][ T8623]  ? __pfx__printk+0x10/0x10
[  275.186204][ T8623]  ? __might_fault+0xb0/0x130
[  275.186234][ T8623]  should_fail_ex+0x414/0x560
[  275.186258][ T8623]  _copy_from_user+0x2d/0xb0
[  275.186277][ T8623]  get_sg_io_hdr+0xe2/0x820
[  275.186297][ T8623]  ? _raw_write_unlock_irqrestore+0x85/0x110
[  275.186321][ T8623]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.186347][ T8623]  ? __pfx_get_sg_io_hdr+0x10/0x10
[  275.186374][ T8623]  ? sg_add_request+0x62e/0x690
[  275.186394][ T8623]  sg_new_write+0x139/0x7b0
[  275.186412][ T8623]  ? __pfx___might_resched+0x10/0x10
[  275.186431][ T8623]  ? __pfx_sg_new_write+0x10/0x10
[  275.186476][ T8623]  ? __lock_acquire+0xab9/0xd20
[  275.186495][ T8623]  sg_ioctl+0x11af/0x2230
[  275.186521][ T8623]  ? __pfx_sg_ioctl+0x10/0x10
[  275.186537][ T8623]  ? __fget_files+0x2a/0x420
[  275.186563][ T8623]  ? __fget_files+0x2a/0x420
[  275.186583][ T8623]  ? __fget_files+0x3a0/0x420
[  275.186604][ T8623]  ? __fget_files+0x2a/0x420
[  275.186630][ T8623]  ? bpf_lsm_file_ioctl+0x9/0x20
[  275.186646][ T8623]  ? __pfx_sg_ioctl+0x10/0x10
[  275.186660][ T8623]  __se_sys_ioctl+0xfc/0x170
[  275.186683][ T8623]  do_syscall_64+0xfa/0x3b0
[  275.186698][ T8623]  ? lockdep_hardirqs_on+0x9c/0x150
[  275.186721][ T8623]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.186737][ T8623]  ? clear_bhb_loop+0x60/0xb0
[  275.186756][ T8623]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  275.186772][ T8623] RIP: 0033:0x7f75c878e929
[  275.186786][ T8623] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  275.186801][ T8623] RSP: 002b:00007f75c95d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  275.186819][ T8623] RAX: ffffffffffffffda RBX: 00007f75c89b5fa0 RCX: 00007f75c878e929
[  275.186831][ T8623] RDX: 0000200000000340 RSI: 0000000000002285 RDI: 0000000000000003
[  275.186841][ T8623] RBP: 00007f75c95d8090 R08: 0000000000000000 R09: 0000000000000000
[  275.186851][ T8623] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  275.186860][ T8623] R13: 0000000000000000 R14: 00007f75c89b5fa0 R15: 00007ffdc9165498
[  275.186894][ T8623]  </TASK>
[  275.830951][ T8628] netlink: 44 bytes leftover after parsing attributes in process `syz.5.949'.
[  275.902215][ T8628] netlink: 43 bytes leftover after parsing attributes in process `syz.5.949'.
[  275.911584][ T8628] netlink: 'syz.5.949': attribute type 5 has an invalid length.
[  275.931400][ T8628] netlink: 43 bytes leftover after parsing attributes in process `syz.5.949'.
[  276.467572][ T8646] trusted_key: encrypted_key: master key parameter 'user:' is invalid
[  276.523673][ T8646] vxfs: WRONG superblock magic 00000000 at 1
[  276.541142][ T8646] vxfs: WRONG superblock magic 00000000 at 8
[  276.560136][ T8646] vxfs: can't find superblock.
[  277.093100][   T30] audit: type=1326 audit(1750688728.060:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.9.961" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f75c878e929 code=0x0
[  277.228628][   T30] audit: type=1326 audit(1750688728.200:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8653 comm="syz.9.961" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f75c878e929 code=0x0
[  277.722608][    T9] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  277.872126][    T9] usb 9-1: device descriptor read/64, error -71
[  277.996647][ T8670] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  278.132167][    T9] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  278.292152][    T9] usb 9-1: device descriptor read/64, error -71
[  278.430650][    T9] usb usb9-port1: attempt power cycle
[  278.489981][ T8670] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  278.782511][    T9] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  278.826985][    T9] usb 9-1: device descriptor read/8, error -71
[  279.073008][    T9] usb 9-1: new high-speed USB device number 16 using dummy_hcd
[  279.143632][    T9] usb 9-1: device descriptor read/8, error -71
[  279.200954][ T8684] Can't find a SQUASHFS superblock on rnullb0
[  279.257011][    T9] usb usb9-port1: unable to enumerate USB device
[  279.268181][ T8684] netlink: 'syz.5.972': attribute type 4 has an invalid length.
[  280.304600][ T8704] FAULT_INJECTION: forcing a failure.
[  280.304600][ T8704] name failslab, interval 1, probability 0, space 0, times 0
[  280.370085][ T8704] CPU: 0 UID: 0 PID: 8704 Comm: syz.5.980 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  280.370110][ T8704] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  280.370121][ T8704] Call Trace:
[  280.370128][ T8704]  <TASK>
[  280.370135][ T8704]  dump_stack_lvl+0x189/0x250
[  280.370160][ T8704]  ? __pfx____ratelimit+0x10/0x10
[  280.370185][ T8704]  ? __pfx_dump_stack_lvl+0x10/0x10
[  280.370204][ T8704]  ? __pfx__printk+0x10/0x10
[  280.370225][ T8704]  ? __pfx___might_resched+0x10/0x10
[  280.370243][ T8704]  ? fs_reclaim_acquire+0x7d/0x100
[  280.370271][ T8704]  should_fail_ex+0x414/0x560
[  280.370298][ T8704]  should_failslab+0xa8/0x100
[  280.370321][ T8704]  __kmalloc_noprof+0xcb/0x4f0
[  280.370340][ T8704]  ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  280.370370][ T8704]  genl_family_rcv_msg_attrs_parse+0xa3/0x2a0
[  280.370409][ T8704]  genl_family_rcv_msg_doit+0xb8/0x300
[  280.370440][ T8704]  ? __pfx_genl_family_rcv_msg_doit+0x10/0x10
[  280.370467][ T8704]  ? rcu_is_watching+0x15/0xb0
[  280.370488][ T8704]  ? apparmor_capable+0x137/0x1b0
[  280.370512][ T8704]  ? bpf_lsm_capable+0x9/0x20
[  280.370530][ T8704]  ? security_capable+0x7e/0x2e0
[  280.370554][ T8704]  genl_rcv_msg+0x60e/0x790
[  280.370584][ T8704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  280.370607][ T8704]  ? __pfx_nfc_genl_dev_up+0x10/0x10
[  280.370643][ T8704]  netlink_rcv_skb+0x208/0x470
[  280.370664][ T8704]  ? __pfx_genl_rcv_msg+0x10/0x10
[  280.370689][ T8704]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  280.370726][ T8704]  ? down_read+0x1ad/0x2e0
[  280.370747][ T8704]  genl_rcv+0x28/0x40
[  280.370768][ T8704]  netlink_unicast+0x75b/0x8d0
[  280.370798][ T8704]  netlink_sendmsg+0x805/0xb30
[  280.370827][ T8704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.370851][ T8704]  ? aa_sock_msg_perm+0x94/0x160
[  280.370870][ T8704]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  280.370893][ T8704]  ? __pfx_netlink_sendmsg+0x10/0x10
[  280.370913][ T8704]  __sock_sendmsg+0x21c/0x270
[  280.370933][ T8704]  ____sys_sendmsg+0x505/0x830
[  280.370961][ T8704]  ? __pfx_____sys_sendmsg+0x10/0x10
[  280.370991][ T8704]  ? import_iovec+0x74/0xa0
[  280.371012][ T8704]  ___sys_sendmsg+0x21f/0x2a0
[  280.371036][ T8704]  ? __pfx____sys_sendmsg+0x10/0x10
[  280.371099][ T8704]  ? __fget_files+0x2a/0x420
[  280.371122][ T8704]  ? __fget_files+0x3a0/0x420
[  280.371156][ T8704]  __x64_sys_sendmsg+0x19b/0x260
[  280.371180][ T8704]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  280.371212][ T8704]  ? __pfx_ksys_write+0x10/0x10
[  280.371230][ T8704]  ? rcu_is_watching+0x15/0xb0
[  280.371254][ T8704]  ? do_syscall_64+0xbe/0x3b0
[  280.371275][ T8704]  do_syscall_64+0xfa/0x3b0
[  280.371289][ T8704]  ? lockdep_hardirqs_on+0x9c/0x150
[  280.371313][ T8704]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.371329][ T8704]  ? clear_bhb_loop+0x60/0xb0
[  280.371350][ T8704]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  280.371367][ T8704] RIP: 0033:0x7fcd7498e929
[  280.371382][ T8704] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  280.371402][ T8704] RSP: 002b:00007fcd727f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  280.371420][ T8704] RAX: ffffffffffffffda RBX: 00007fcd74bb5fa0 RCX: 00007fcd7498e929
[  280.371433][ T8704] RDX: 0000000000008004 RSI: 0000200000000180 RDI: 0000000000000005
[  280.371443][ T8704] RBP: 00007fcd727f6090 R08: 0000000000000000 R09: 0000000000000000
[  280.371454][ T8704] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  280.371464][ T8704] R13: 0000000000000000 R14: 00007fcd74bb5fa0 R15: 00007fffe1e0e3a8
[  280.371493][ T8704]  </TASK>
[  281.232387][ T5864] usb 10-1: new high-speed USB device number 11 using dummy_hcd
[  281.382397][ T5864] usb 10-1: device descriptor read/64, error -71
[  281.573271][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.5.984'.
[  281.612352][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.5.984'.
[  281.642330][ T5864] usb 10-1: new high-speed USB device number 12 using dummy_hcd
[  281.729775][ T8718] netlink: 12 bytes leftover after parsing attributes in process `syz.5.984'.
[  281.785620][ T5864] usb 10-1: device descriptor read/64, error -71
[  281.899123][ T5864] usb usb10-port1: attempt power cycle
[  282.282513][ T5864] usb 10-1: new high-speed USB device number 13 using dummy_hcd
[  282.327472][ T5864] usb 10-1: device descriptor read/8, error -71
[  282.346136][ T8727] Can't find a SQUASHFS superblock on rnullb0
[  282.394370][ T8727] netlink: 'syz.8.988': attribute type 4 has an invalid length.
[  282.602348][ T5864] usb 10-1: new high-speed USB device number 14 using dummy_hcd
[  282.634127][ T5864] usb 10-1: device descriptor read/8, error -71
[  282.753472][ T5864] usb usb10-port1: unable to enumerate USB device
[  283.294780][ T5837] Bluetooth: hci4: command 0x0406 tx timeout
[  283.313176][ T8736] FAULT_INJECTION: forcing a failure.
[  283.313176][ T8736] name failslab, interval 1, probability 0, space 0, times 0
[  283.381449][ T8736] CPU: 1 UID: 0 PID: 8736 Comm: syz.8.991 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  283.381476][ T8736] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  283.381487][ T8736] Call Trace:
[  283.381494][ T8736]  <TASK>
[  283.381501][ T8736]  dump_stack_lvl+0x189/0x250
[  283.381525][ T8736]  ? __pfx____ratelimit+0x10/0x10
[  283.381550][ T8736]  ? __pfx_dump_stack_lvl+0x10/0x10
[  283.381569][ T8736]  ? __pfx__printk+0x10/0x10
[  283.381590][ T8736]  ? __pfx___might_resched+0x10/0x10
[  283.381608][ T8736]  ? fs_reclaim_acquire+0x7d/0x100
[  283.381636][ T8736]  should_fail_ex+0x414/0x560
[  283.381662][ T8736]  should_failslab+0xa8/0x100
[  283.381685][ T8736]  __kmalloc_cache_noprof+0x70/0x3d0
[  283.381704][ T8736]  ? nft_trans_table_add+0x56/0x430
[  283.381732][ T8736]  nft_trans_table_add+0x56/0x430
[  283.381762][ T8736]  nf_tables_newtable+0xce3/0x1890
[  283.381803][ T8736]  nfnetlink_rcv+0x112f/0x2520
[  283.381858][ T8736]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  283.381899][ T8736]  ? ref_tracker_free+0x63a/0x7d0
[  283.381950][ T8736]  ? __netlink_deliver_tap+0x807/0x850
[  283.381979][ T8736]  ? netlink_deliver_tap+0x2e/0x1b0
[  283.381998][ T8736]  ? netlink_deliver_tap+0x2e/0x1b0
[  283.382023][ T8736]  netlink_unicast+0x75b/0x8d0
[  283.382055][ T8736]  netlink_sendmsg+0x805/0xb30
[  283.382083][ T8736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.382112][ T8736]  ? aa_sock_msg_perm+0x94/0x160
[  283.382131][ T8736]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  283.382155][ T8736]  ? __pfx_netlink_sendmsg+0x10/0x10
[  283.382176][ T8736]  __sock_sendmsg+0x21c/0x270
[  283.382197][ T8736]  ____sys_sendmsg+0x505/0x830
[  283.382224][ T8736]  ? __pfx_____sys_sendmsg+0x10/0x10
[  283.382255][ T8736]  ? import_iovec+0x74/0xa0
[  283.382275][ T8736]  ___sys_sendmsg+0x21f/0x2a0
[  283.382298][ T8736]  ? __pfx____sys_sendmsg+0x10/0x10
[  283.382354][ T8736]  ? __fget_files+0x2a/0x420
[  283.382375][ T8736]  ? __fget_files+0x3a0/0x420
[  283.382409][ T8736]  __x64_sys_sendmsg+0x19b/0x260
[  283.382433][ T8736]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  283.382462][ T8736]  ? __pfx_ksys_write+0x10/0x10
[  283.382481][ T8736]  ? rcu_is_watching+0x15/0xb0
[  283.382505][ T8736]  ? do_syscall_64+0xbe/0x3b0
[  283.382526][ T8736]  do_syscall_64+0xfa/0x3b0
[  283.382540][ T8736]  ? lockdep_hardirqs_on+0x9c/0x150
[  283.382563][ T8736]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.382580][ T8736]  ? clear_bhb_loop+0x60/0xb0
[  283.382599][ T8736]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  283.382614][ T8736] RIP: 0033:0x7f989578e929
[  283.382629][ T8736] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  283.382643][ T8736] RSP: 002b:00007f9896534038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  283.382661][ T8736] RAX: ffffffffffffffda RBX: 00007f98959b5fa0 RCX: 00007f989578e929
[  283.382674][ T8736] RDX: 00000000000000c4 RSI: 00002000000000c0 RDI: 0000000000000003
[  283.382685][ T8736] RBP: 00007f9896534090 R08: 0000000000000000 R09: 0000000000000000
[  283.382695][ T8736] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[  283.382705][ T8736] R13: 0000000000000000 R14: 00007f98959b5fa0 R15: 00007ffdcc204348
[  283.382733][ T8736]  </TASK>
[  283.448177][  T982] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  284.222635][  T982] usb 6-1: device descriptor read/64, error -71
[  284.472188][  T982] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  284.504691][ T8754] netlink: 8 bytes leftover after parsing attributes in process `syz.8.998'.
[  284.537144][ T8754] netlink: 8 bytes leftover after parsing attributes in process `syz.8.998'.
[  284.622773][  T982] usb 6-1: device descriptor read/64, error -71
[  284.650349][ T8754] netlink: 12 bytes leftover after parsing attributes in process `syz.8.998'.
[  284.762743][  T982] usb usb6-port1: attempt power cycle
[  285.096607][ T8757] Can't find a SQUASHFS superblock on rnullb0
[  285.139233][  T982] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  285.212839][  T982] usb 6-1: device descriptor read/8, error -71
[  285.291927][ T8758] netlink: 'syz.9.999': attribute type 4 has an invalid length.
[  285.503071][  T982] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  285.544882][  T982] usb 6-1: device descriptor read/8, error -71
[  285.672734][  T982] usb usb6-port1: unable to enumerate USB device
[  285.792266][    T9] usb 9-1: new high-speed USB device number 17 using dummy_hcd
[  285.952341][    T9] usb 9-1: Using ep0 maxpacket: 32
[  285.980504][    T9] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  286.013597][    T9] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  286.032369][    T9] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  286.051862][    T9] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  286.075291][    T9] usb 9-1: config 0 descriptor??
[  286.153479][ T8764] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue
[  286.226871][ T8764] syzkaller0: entered promiscuous mode
[  286.246799][ T8764] syzkaller0: entered allmulticast mode
[  286.673723][    T9] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  286.885555][    T9] usb 6-1: Using ep0 maxpacket: 16
[  286.904277][    T9] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  286.930062][    T9] usb 6-1: config 64 has no interface number 0
[  286.942517][    T9] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  286.975861][    T9] usb 6-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  286.988644][    T9] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  287.009143][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  287.030826][    T9] usb 6-1: Product: syz
[  287.040111][    T9] usb 6-1: Manufacturer: syz
[  287.056374][    T9] usb 6-1: SerialNumber: syz
[  287.076748][    T9] option 6-1:64.13: GSM modem (1-port) converter detected
[  287.291834][    T9] usb 6-1: USB disconnect, device number 41
[  287.315303][    T9] option 6-1:64.13: device disconnected
[  287.812251][    T9] usb 6-1: new full-speed USB device number 42 using dummy_hcd
[  287.992843][    T9] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  288.012173][    T9] usb 6-1: config 64 has no interface number 0
[  288.022523][    T9] usb 6-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  288.064875][    T9] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  288.086820][    T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  288.110249][    T9] usb 6-1: Product: syz
[  288.126334][    T9] usb 6-1: Manufacturer: syz
[  288.135450][    T9] usb 6-1: SerialNumber: syz
[  288.171613][    T9] option 6-1:64.13: GSM modem (1-port) converter detected
[  288.372549][    T9] usb 6-1: USB disconnect, device number 42
[  288.391128][    T9] option 6-1:64.13: device disconnected
[  288.592562][  T982] usb 9-1: USB disconnect, device number 17
[  289.026330][ T8784] 9pnet_fd: Insufficient options for proto=fd
[  289.647977][ T8788] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1009'.
[  289.721251][ T8788] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1009'.
[  289.837275][ T8789] netlink: 12 bytes leftover after parsing attributes in process `syz.8.1009'.
[  292.062637][ T8791] Can't find a SQUASHFS superblock on rnullb0
[  292.134802][ T8791] netlink: 'syz.7.1010': attribute type 4 has an invalid length.
[  292.352617][  T979] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  292.482985][  T979] usb 6-1: device descriptor read/64, error -71
[  292.555529][  T982] usb 10-1: new high-speed USB device number 15 using dummy_hcd
[  292.714042][  T982] usb 10-1: Using ep0 maxpacket: 16
[  292.735052][  T979] usb 6-1: new high-speed USB device number 44 using dummy_hcd
[  292.738213][  T982] usb 10-1: config 64 has an invalid interface number: 13 but max is 0
[  292.762136][ T5864] usb 9-1: new high-speed USB device number 18 using dummy_hcd
[  292.782197][  T982] usb 10-1: config 64 has no interface number 0
[  292.808058][  T982] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  292.839950][  T982] usb 10-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  292.875804][  T979] usb 6-1: device descriptor read/64, error -71
[  292.879420][  T982] usb 10-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  292.912141][ T5864] usb 9-1: Using ep0 maxpacket: 32
[  292.919651][  T982] usb 10-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  292.924217][ T5864] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  292.943655][  T982] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.970133][ T5864] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  292.992087][  T982] usb 10-1: Product: syz
[  293.001367][ T5864] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  293.003354][  T982] usb 10-1: Manufacturer: syz
[  293.016941][  T979] usb usb6-port1: attempt power cycle
[  293.036626][  T982] usb 10-1: SerialNumber: syz
[  293.039798][ T5864] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  293.077374][  T982] option 10-1:64.13: GSM modem (1-port) converter detected
[  293.081901][ T5864] usb 9-1: config 0 descriptor??
[  293.277531][  T982] usb 10-1: USB disconnect, device number 15
[  293.301684][  T982] option 10-1:64.13: device disconnected
[  293.383086][  T979] usb 6-1: new high-speed USB device number 45 using dummy_hcd
[  293.413583][  T979] usb 6-1: device descriptor read/8, error -71
[  293.653516][  T979] usb 6-1: new high-speed USB device number 46 using dummy_hcd
[  293.690870][  T979] usb 6-1: device descriptor read/8, error -71
[  293.744937][  T982] usb 10-1: new full-speed USB device number 16 using dummy_hcd
[  293.812669][  T979] usb usb6-port1: unable to enumerate USB device
[  293.929758][  T982] usb 10-1: config 0 has an invalid interface number: 229 but max is 0
[  293.948150][  T982] usb 10-1: config 0 has no interface number 0
[  293.965903][  T982] usb 10-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  293.995800][  T982] usb 10-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  294.010582][  T982] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.043261][  T982] usb 10-1: Product: syz
[  294.047554][  T982] usb 10-1: Manufacturer: syz
[  294.084486][  T982] usb 10-1: SerialNumber: syz
[  294.094511][  T982] usb 10-1: config 0 descriptor??
[  294.309672][  T982] qcserial 10-1:0.229: Qualcomm USB modem converter detected
[  294.331865][  T982] usb 10-1: Qualcomm USB modem converter now attached to ttyUSB0
[  294.385673][  T982] usb 10-1: USB disconnect, device number 16
[  294.413206][  T982] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  294.436333][  T982] qcserial 10-1:0.229: device disconnected
[  294.851650][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1022'.
[  294.912216][ T8822] netlink: 8 bytes leftover after parsing attributes in process `syz.7.1022'.
[  294.988678][ T8822] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1022'.
[  295.022355][ T8824] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1023'.
[  295.271205][ T8829] FAULT_INJECTION: forcing a failure.
[  295.271205][ T8829] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  295.304394][ T8831] Can't find a SQUASHFS superblock on rnullb0
[  295.343091][ T8829] CPU: 1 UID: 0 PID: 8829 Comm: syz.5.1025 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  295.343117][ T8829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  295.343127][ T8829] Call Trace:
[  295.343134][ T8829]  <TASK>
[  295.343141][ T8829]  dump_stack_lvl+0x189/0x250
[  295.343165][ T8829]  ? __pfx____ratelimit+0x10/0x10
[  295.343189][ T8829]  ? __pfx_dump_stack_lvl+0x10/0x10
[  295.343206][ T8829]  ? __pfx__printk+0x10/0x10
[  295.343233][ T8829]  should_fail_ex+0x414/0x560
[  295.343255][ T8829]  strncpy_from_user+0x36/0x290
[  295.343274][ T8829]  getname_flags+0xf3/0x540
[  295.343295][ T8829]  user_path_at+0x24/0x60
[  295.343313][ T8829]  __x64_sys_umount+0xee/0x160
[  295.343333][ T8829]  ? __pfx___x64_sys_umount+0x10/0x10
[  295.343351][ T8829]  ? rcu_is_watching+0x15/0xb0
[  295.343369][ T8829]  ? do_syscall_64+0xbe/0x3b0
[  295.343385][ T8829]  do_syscall_64+0xfa/0x3b0
[  295.343395][ T8829]  ? lockdep_hardirqs_on+0x9c/0x150
[  295.343414][ T8829]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.343426][ T8829]  ? clear_bhb_loop+0x60/0xb0
[  295.343442][ T8829]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  295.343454][ T8829] RIP: 0033:0x7fcd7498e929
[  295.343466][ T8829] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  295.343478][ T8829] RSP: 002b:00007fcd727f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  295.343493][ T8829] RAX: ffffffffffffffda RBX: 00007fcd74bb5fa0 RCX: 00007fcd7498e929
[  295.343502][ T8829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000380
[  295.343510][ T8829] RBP: 00007fcd727f6090 R08: 0000000000000000 R09: 0000000000000000
[  295.343518][ T8829] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  295.343526][ T8829] R13: 0000000000000000 R14: 00007fcd74bb5fa0 R15: 00007fffe1e0e3a8
[  295.343546][ T8829]  </TASK>
[  295.361724][ T8831] netlink: 'syz.9.1024': attribute type 4 has an invalid length.
[  295.616649][    T9] usb 9-1: USB disconnect, device number 18
[  296.292379][ T8848] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1031'.
[  296.542418][    T9] usb 9-1: new high-speed USB device number 19 using dummy_hcd
[  296.703746][    T9] usb 9-1: Using ep0 maxpacket: 16
[  296.720413][    T9] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  296.725642][ T8856] overlayfs: failed to resolve './file0/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  296.747138][    T9] usb 9-1: config 64 has no interface number 0
[  296.838299][    C0] vkms_vblank_simulate: vblank timer overrun
[  297.033843][    T9] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  297.054234][    T9] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  297.080513][    T9] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  297.115022][    T9] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  297.126786][ T8858] FAULT_INJECTION: forcing a failure.
[  297.126786][ T8858] name failslab, interval 1, probability 0, space 0, times 0
[  297.130695][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  297.170615][ T8858] CPU: 1 UID: 0 PID: 8858 Comm: syz.5.1035 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  297.170641][ T8858] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  297.170652][ T8858] Call Trace:
[  297.170658][ T8858]  <TASK>
[  297.170666][ T8858]  dump_stack_lvl+0x189/0x250
[  297.170689][ T8858]  ? __pfx____ratelimit+0x10/0x10
[  297.170714][ T8858]  ? __pfx_dump_stack_lvl+0x10/0x10
[  297.170733][ T8858]  ? __pfx__printk+0x10/0x10
[  297.170757][ T8858]  ? __pfx___might_resched+0x10/0x10
[  297.170775][ T8858]  ? fs_reclaim_acquire+0x7d/0x100
[  297.170802][ T8858]  should_fail_ex+0x414/0x560
[  297.170827][ T8858]  should_failslab+0xa8/0x100
[  297.170857][ T8858]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  297.170877][ T8858]  ? __pfx_nf_tables_abort+0x10/0x10
[  297.170897][ T8858]  ? __alloc_skb+0x112/0x2d0
[  297.170920][ T8858]  __alloc_skb+0x112/0x2d0
[  297.170943][ T8858]  netlink_ack+0x146/0xa50
[  297.170967][ T8858]  ? __kasan_kmalloc+0x93/0xb0
[  297.170995][ T8858]  nfnetlink_rcv+0x2290/0x2520
[  297.171049][ T8858]  ? __pfx_nfnetlink_rcv+0x10/0x10
[  297.171085][ T8858]  ? ref_tracker_free+0x63a/0x7d0
[  297.171130][ T8858]  ? __netlink_deliver_tap+0x807/0x850
[  297.171155][ T8858]  ? netlink_deliver_tap+0x2e/0x1b0
[  297.171174][ T8858]  ? netlink_deliver_tap+0x2e/0x1b0
[  297.171197][ T8858]  netlink_unicast+0x75b/0x8d0
[  297.171226][ T8858]  netlink_sendmsg+0x805/0xb30
[  297.171254][ T8858]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.171278][ T8858]  ? aa_sock_msg_perm+0x94/0x160
[  297.171297][ T8858]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  297.171321][ T8858]  ? __pfx_netlink_sendmsg+0x10/0x10
[  297.171341][ T8858]  __sock_sendmsg+0x21c/0x270
[  297.171361][ T8858]  ____sys_sendmsg+0x505/0x830
[  297.171388][ T8858]  ? __pfx_____sys_sendmsg+0x10/0x10
[  297.171417][ T8858]  ? import_iovec+0x74/0xa0
[  297.171438][ T8858]  ___sys_sendmsg+0x21f/0x2a0
[  297.171462][ T8858]  ? __pfx____sys_sendmsg+0x10/0x10
[  297.171515][ T8858]  ? __fget_files+0x2a/0x420
[  297.171538][ T8858]  ? __fget_files+0x3a0/0x420
[  297.171571][ T8858]  __x64_sys_sendmsg+0x19b/0x260
[  297.171593][ T8858]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  297.171622][ T8858]  ? __pfx_ksys_write+0x10/0x10
[  297.171641][ T8858]  ? rcu_is_watching+0x15/0xb0
[  297.171664][ T8858]  ? do_syscall_64+0xbe/0x3b0
[  297.171685][ T8858]  do_syscall_64+0xfa/0x3b0
[  297.171699][ T8858]  ? lockdep_hardirqs_on+0x9c/0x150
[  297.171722][ T8858]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.171738][ T8858]  ? clear_bhb_loop+0x60/0xb0
[  297.171758][ T8858]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  297.171774][ T8858] RIP: 0033:0x7fcd7498e929
[  297.171789][ T8858] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  297.171804][ T8858] RSP: 002b:00007fcd727f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  297.171821][ T8858] RAX: ffffffffffffffda RBX: 00007fcd74bb5fa0 RCX: 00007fcd7498e929
[  297.171833][ T8858] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003
[  297.171850][ T8858] RBP: 00007fcd727f6090 R08: 0000000000000000 R09: 0000000000000000
[  297.171861][ T8858] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  297.171871][ T8858] R13: 0000000000000000 R14: 00007fcd74bb5fa0 R15: 00007fffe1e0e3a8
[  297.171898][ T8858]  </TASK>
[  297.184389][    T9] usb 9-1: Product: syz
[  297.478110][   T24] usb 10-1: new high-speed USB device number 17 using dummy_hcd
[  297.560464][    T9] usb 9-1: Manufacturer: syz
[  297.579208][    T9] usb 9-1: SerialNumber: syz
[  297.634599][    T9] option 9-1:64.13: GSM modem (1-port) converter detected
[  297.662172][   T24] usb 10-1: Using ep0 maxpacket: 32
[  297.678287][   T24] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.691491][   T24] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  297.724369][   T24] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  297.754789][   T24] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.775958][   T24] usb 10-1: config 0 descriptor??
[  297.860965][    T9] usb 9-1: USB disconnect, device number 19
[  297.876520][    T9] option 9-1:64.13: device disconnected
[  298.362325][    T9] usb 9-1: new full-speed USB device number 20 using dummy_hcd
[  298.549768][    T9] usb 9-1: config 0 has an invalid interface number: 229 but max is 0
[  298.576630][ T8869] Can't find a SQUASHFS superblock on rnullb0
[  298.580931][    T9] usb 9-1: config 0 has no interface number 0
[  298.604332][ T8869] netlink: 'syz.5.1039': attribute type 4 has an invalid length.
[  298.610591][    T9] usb 9-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  298.650861][    T9] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  298.664832][    T9] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  298.673419][    T9] usb 9-1: Product: syz
[  298.677938][    T9] usb 9-1: Manufacturer: syz
[  298.685089][    T9] usb 9-1: SerialNumber: syz
[  298.699696][    T9] usb 9-1: config 0 descriptor??
[  298.924974][    T9] qcserial 9-1:0.229: Qualcomm USB modem converter detected
[  298.956909][    T9] usb 9-1: Qualcomm USB modem converter now attached to ttyUSB0
[  298.984122][    T9] usb 9-1: USB disconnect, device number 20
[  299.020912][    T9] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  299.041776][    T9] qcserial 9-1:0.229: device disconnected
[  299.629510][ T8879] FAULT_INJECTION: forcing a failure.
[  299.629510][ T8879] name failslab, interval 1, probability 0, space 0, times 0
[  299.721402][ T8879] CPU: 1 UID: 0 PID: 8879 Comm: syz.8.1041 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  299.721428][ T8879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  299.721438][ T8879] Call Trace:
[  299.721445][ T8879]  <TASK>
[  299.721452][ T8879]  dump_stack_lvl+0x189/0x250
[  299.721476][ T8879]  ? __pfx____ratelimit+0x10/0x10
[  299.721502][ T8879]  ? __pfx_dump_stack_lvl+0x10/0x10
[  299.721521][ T8879]  ? __pfx__printk+0x10/0x10
[  299.721543][ T8879]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  299.721573][ T8879]  should_fail_ex+0x414/0x560
[  299.721605][ T8879]  should_failslab+0xa8/0x100
[  299.721628][ T8879]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  299.721649][ T8879]  ? __alloc_skb+0x112/0x2d0
[  299.721673][ T8879]  __alloc_skb+0x112/0x2d0
[  299.721696][ T8879]  mroute_netlink_event+0xb6/0x190
[  299.721723][ T8879]  ipmr_mfc_add+0x222c/0x2850
[  299.721753][ T8879]  ? ipmr_mfc_add+0x11b/0x2850
[  299.721780][ T8879]  ? __pfx_ipmr_mfc_add+0x10/0x10
[  299.721830][ T8879]  ip_mroute_setsockopt+0xcf1/0xf60
[  299.721860][ T8879]  ? __pfx_ip_mroute_setsockopt+0x10/0x10
[  299.721901][ T8879]  do_ip_setsockopt+0xf11/0x2d00
[  299.721926][ T8879]  ? __pfx_do_ip_setsockopt+0x10/0x10
[  299.721948][ T8879]  ? aa_sk_perm+0x81e/0x950
[  299.721977][ T8879]  ? __pfx_aa_sk_perm+0x10/0x10
[  299.721999][ T8879]  ? __lock_acquire+0xab9/0xd20
[  299.722026][ T8879]  ip_setsockopt+0x66/0x110
[  299.722044][ T8879]  ? __pfx_sock_common_setsockopt+0x10/0x10
[  299.722062][ T8879]  do_sock_setsockopt+0x25a/0x3e0
[  299.722085][ T8879]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  299.722110][ T8879]  ? __fget_files+0x2a/0x420
[  299.722141][ T8879]  __x64_sys_setsockopt+0x18b/0x220
[  299.722168][ T8879]  do_syscall_64+0xfa/0x3b0
[  299.722183][ T8879]  ? lockdep_hardirqs_on+0x9c/0x150
[  299.722206][ T8879]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.722223][ T8879]  ? clear_bhb_loop+0x60/0xb0
[  299.722243][ T8879]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  299.722259][ T8879] RIP: 0033:0x7f989578e929
[  299.722274][ T8879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  299.722288][ T8879] RSP: 002b:00007f9896534038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  299.722306][ T8879] RAX: ffffffffffffffda RBX: 00007f98959b5fa0 RCX: 00007f989578e929
[  299.722318][ T8879] RDX: 00000000000000cc RSI: 0000000000000000 RDI: 0000000000000003
[  299.722328][ T8879] RBP: 00007f9896534090 R08: 000000000000003c R09: 0000000000000000
[  299.722338][ T8879] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000001
[  299.722347][ T8879] R13: 0000000000000000 R14: 00007f98959b5fa0 R15: 00007ffdcc204348
[  299.722375][ T8879]  </TASK>
[  300.002452][  T982] usb 6-1: new high-speed USB device number 47 using dummy_hcd
[  300.192520][  T982] usb 6-1: Using ep0 maxpacket: 8
[  300.199839][  T982] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  300.259481][  T982] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  300.300013][  T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.368811][  T982] usb 6-1: Product: syz
[  300.384585][    T9] usb 10-1: USB disconnect, device number 17
[  300.403391][  T982] usb 6-1: Manufacturer: syz
[  300.428266][  T982] usb 6-1: SerialNumber: syz
[  300.515676][ T8888] FAULT_INJECTION: forcing a failure.
[  300.515676][ T8888] name failslab, interval 1, probability 0, space 0, times 0
[  300.570903][ T8888] CPU: 1 UID: 0 PID: 8888 Comm: syz.8.1044 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  300.570930][ T8888] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  300.570940][ T8888] Call Trace:
[  300.570947][ T8888]  <TASK>
[  300.570954][ T8888]  dump_stack_lvl+0x189/0x250
[  300.570978][ T8888]  ? __pfx____ratelimit+0x10/0x10
[  300.571003][ T8888]  ? __pfx_dump_stack_lvl+0x10/0x10
[  300.571022][ T8888]  ? __pfx__printk+0x10/0x10
[  300.571042][ T8888]  ? __pfx___might_resched+0x10/0x10
[  300.571060][ T8888]  ? fs_reclaim_acquire+0x7d/0x100
[  300.571088][ T8888]  should_fail_ex+0x414/0x560
[  300.571112][ T8888]  should_failslab+0xa8/0x100
[  300.571135][ T8888]  __kmalloc_cache_noprof+0x70/0x3d0
[  300.571153][ T8888]  ? iopt_alloc_pages+0x85/0x490
[  300.571182][ T8888]  iopt_alloc_pages+0x85/0x490
[  300.571209][ T8888]  iopt_alloc_user_pages+0x42/0xe0
[  300.571234][ T8888]  iopt_map_user_pages+0x4e/0xd0
[  300.571258][ T8888]  iommufd_ioas_map+0x392/0x4c0
[  300.571289][ T8888]  ? __pfx_iommufd_ioas_map+0x10/0x10
[  300.571320][ T8888]  iommufd_fops_ioctl+0x446/0x520
[  300.571347][ T8888]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  300.571380][ T8888]  ? __fget_files+0x3a0/0x420
[  300.571402][ T8888]  ? __fget_files+0x2a/0x420
[  300.571424][ T8888]  ? bpf_lsm_file_ioctl+0x9/0x20
[  300.571441][ T8888]  ? __pfx_iommufd_fops_ioctl+0x10/0x10
[  300.571464][ T8888]  __se_sys_ioctl+0xfc/0x170
[  300.571486][ T8888]  do_syscall_64+0xfa/0x3b0
[  300.571501][ T8888]  ? lockdep_hardirqs_on+0x9c/0x150
[  300.571523][ T8888]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.571547][ T8888]  ? clear_bhb_loop+0x60/0xb0
[  300.571568][ T8888]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  300.571583][ T8888] RIP: 0033:0x7f989578e929
[  300.571598][ T8888] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  300.571613][ T8888] RSP: 002b:00007f9896534038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  300.571630][ T8888] RAX: ffffffffffffffda RBX: 00007f98959b5fa0 RCX: 00007f989578e929
[  300.571642][ T8888] RDX: 0000200000000240 RSI: 0000000000003b85 RDI: 0000000000000003
[  300.571652][ T8888] RBP: 00007f9896534090 R08: 0000000000000000 R09: 0000000000000000
[  300.571663][ T8888] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  300.571673][ T8888] R13: 0000000000000000 R14: 00007f98959b5fa0 R15: 00007ffdcc204348
[  300.571699][ T8888]  </TASK>
[  300.953480][ T8884] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  301.004884][ T8884] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  301.159461][   T10] usb 10-1: new high-speed USB device number 18 using dummy_hcd
[  301.173305][ T8901] Can't find a SQUASHFS superblock on rnullb0
[  301.261368][ T8901] netlink: 'syz.7.1048': attribute type 4 has an invalid length.
[  301.270382][  T982] cdc_ncm 6-1:1.0: bind() failure
[  301.290696][  T982] cdc_ncm 6-1:1.1: CDC Union missing and no IAD found
[  301.322413][  T982] cdc_ncm 6-1:1.1: bind() failure
[  301.342304][   T10] usb 10-1: Using ep0 maxpacket: 8
[  301.352000][   T10] usb 10-1: config index 0 descriptor too short (expected 301, got 45)
[  301.363663][   T10] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  301.381899][  T982] usb 6-1: USB disconnect, device number 47
[  301.400222][   T10] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  301.430342][   T10] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  301.464141][   T10] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  301.498862][   T10] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  301.527314][   T10] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  301.769503][   T10] usb 10-1: GET_CAPABILITIES returned 0
[  301.775773][   T10] usbtmc 10-1:16.0: can't read capabilities
[  301.975891][ T5926] usb 10-1: USB disconnect, device number 18
[  302.022639][  T982] usb 6-1: new high-speed USB device number 48 using dummy_hcd
[  302.075084][   T10] usb 9-1: new high-speed USB device number 21 using dummy_hcd
[  302.196395][  T982] usb 6-1: Using ep0 maxpacket: 16
[  302.224381][  T982] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  302.234057][   T10] usb 9-1: device descriptor read/64, error -71
[  302.240498][  T982] usb 6-1: config 64 has no interface number 0
[  302.277590][  T982] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  302.308167][  T982] usb 6-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  302.338710][  T982] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  302.361454][  T982] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  302.373144][  T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  302.393039][  T982] usb 6-1: Product: syz
[  302.402154][  T982] usb 6-1: Manufacturer: syz
[  302.406784][  T982] usb 6-1: SerialNumber: syz
[  302.438203][  T982] option 6-1:64.13: GSM modem (1-port) converter detected
[  302.472428][   T10] usb 9-1: new high-speed USB device number 22 using dummy_hcd
[  302.627165][   T10] usb 9-1: device descriptor read/64, error -71
[  302.671764][  T979] usb 6-1: USB disconnect, device number 48
[  302.703785][  T979] option 6-1:64.13: device disconnected
[  302.772801][   T10] usb usb9-port1: attempt power cycle
[  302.876521][ T8921] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1055'.
[  302.924103][ T8921] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1055'.
[  303.122356][   T10] usb 9-1: new high-speed USB device number 23 using dummy_hcd
[  303.173770][   T10] usb 9-1: device descriptor read/8, error -71
[  303.202149][  T979] usb 6-1: new full-speed USB device number 49 using dummy_hcd
[  303.374134][  T979] usb 6-1: config 0 has an invalid interface number: 229 but max is 0
[  303.383419][  T979] usb 6-1: config 0 has no interface number 0
[  303.389545][  T979] usb 6-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  303.422192][   T10] usb 9-1: new high-speed USB device number 24 using dummy_hcd
[  303.462641][   T10] usb 9-1: device descriptor read/8, error -71
[  303.467952][  T979] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  303.484728][  T979] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  303.512171][  T979] usb 6-1: Product: syz
[  303.526619][  T979] usb 6-1: Manufacturer: syz
[  303.531261][  T979] usb 6-1: SerialNumber: syz
[  303.558215][  T979] usb 6-1: config 0 descriptor??
[  303.585361][   T10] usb usb9-port1: unable to enumerate USB device
[  303.788472][  T979] qcserial 6-1:0.229: Qualcomm USB modem converter detected
[  303.793114][ T8927] kvm: Disabled LAPIC found during irq injection
[  303.822807][  T979] usb 6-1: Qualcomm USB modem converter now attached to ttyUSB0
[  303.851056][  T979] usb 6-1: USB disconnect, device number 49
[  303.875935][  T979] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  303.900056][  T979] qcserial 6-1:0.229: device disconnected
[  304.380238][ T8934] Can't find a SQUASHFS superblock on rnullb0
[  304.494991][ T8934] netlink: 'syz.5.1060': attribute type 4 has an invalid length.
[  305.285967][ T5902] usb 9-1: new high-speed USB device number 25 using dummy_hcd
[  305.459601][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1064'.
[  305.484294][ T8946] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1064'.
[  305.492277][ T5902] usb 9-1: Using ep0 maxpacket: 32
[  305.507983][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  305.526397][ T5902] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  305.562279][ T5902] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  305.594683][ T5902] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  305.633953][ T5902] usb 9-1: config 0 descriptor??
[  305.666768][ T5902] hub 9-1:0.0: USB hub found
[  306.005239][ T8955] FAULT_INJECTION: forcing a failure.
[  306.005239][ T8955] name failslab, interval 1, probability 0, space 0, times 0
[  306.062396][ T8955] CPU: 0 UID: 0 PID: 8955 Comm: syz.7.1068 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  306.062421][ T8955] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  306.062432][ T8955] Call Trace:
[  306.062438][ T8955]  <TASK>
[  306.062445][ T8955]  dump_stack_lvl+0x189/0x250
[  306.062470][ T8955]  ? __pfx____ratelimit+0x10/0x10
[  306.062493][ T8955]  ? __pfx_dump_stack_lvl+0x10/0x10
[  306.062512][ T8955]  ? __pfx__printk+0x10/0x10
[  306.062533][ T8955]  ? __pfx___might_resched+0x10/0x10
[  306.062550][ T8955]  ? fs_reclaim_acquire+0x7d/0x100
[  306.062576][ T8955]  should_fail_ex+0x414/0x560
[  306.062601][ T8955]  should_failslab+0xa8/0x100
[  306.062624][ T8955]  kmem_cache_alloc_node_noprof+0x76/0x3c0
[  306.062645][ T8955]  ? dup_task_struct+0x52/0x860
[  306.062669][ T8955]  dup_task_struct+0x52/0x860
[  306.062688][ T8955]  ? lockdep_hardirqs_on+0x9c/0x150
[  306.062714][ T8955]  copy_process+0x54b/0x3c00
[  306.062762][ T8955]  ? __pfx_copy_process+0x10/0x10
[  306.062792][ T8955]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  306.062809][ T8955]  vhost_task_create+0x1c4/0x290
[  306.062830][ T8955]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  306.062847][ T8955]  ? __pfx_vhost_task_create+0x10/0x10
[  306.062876][ T8955]  ? __pfx_vhost_task_fn+0x10/0x10
[  306.062907][ T8955]  ? kasan_save_track+0x4f/0x80
[  306.062927][ T8955]  ? kasan_save_track+0x3e/0x80
[  306.062947][ T8955]  kvm_mmu_post_init_vm+0x147/0x2b0
[  306.062969][ T8955]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  306.062995][ T8955]  ? __mutex_trylock_common+0x153/0x260
[  306.063019][ T8955]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  306.063049][ T8955]  ? rcu_is_watching+0x15/0xb0
[  306.063067][ T8955]  ? look_up_lock_class+0x74/0x170
[  306.063090][ T8955]  ? register_lock_class+0x51/0x320
[  306.063113][ T8955]  ? __lock_acquire+0xab9/0xd20
[  306.063158][ T8955]  kvm_vcpu_ioctl+0x95c/0xe90
[  306.063185][ T8955]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  306.063203][ T8955]  ? __lock_acquire+0xab9/0xd20
[  306.063240][ T8955]  ? __fget_files+0x2a/0x420
[  306.063265][ T8955]  ? __fget_files+0x2a/0x420
[  306.063286][ T8955]  ? __fget_files+0x3a0/0x420
[  306.063306][ T8955]  ? __fget_files+0x2a/0x420
[  306.063333][ T8955]  ? bpf_lsm_file_ioctl+0x9/0x20
[  306.063349][ T8955]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  306.063369][ T8955]  __se_sys_ioctl+0xfc/0x170
[  306.063392][ T8955]  do_syscall_64+0xfa/0x3b0
[  306.063407][ T8955]  ? lockdep_hardirqs_on+0x9c/0x150
[  306.063429][ T8955]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.063446][ T8955]  ? clear_bhb_loop+0x60/0xb0
[  306.063466][ T8955]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  306.063482][ T8955] RIP: 0033:0x7f590278e929
[  306.063496][ T8955] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  306.063510][ T8955] RSP: 002b:00007f5903574038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  306.063528][ T8955] RAX: ffffffffffffffda RBX: 00007f59029b6080 RCX: 00007f590278e929
[  306.063540][ T8955] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007
[  306.063550][ T8955] RBP: 00007f5903574090 R08: 0000000000000000 R09: 0000000000000000
[  306.063560][ T8955] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  306.063569][ T8955] R13: 0000000000000001 R14: 00007f59029b6080 R15: 00007fffea89e8a8
[  306.063597][ T8955]  </TASK>
[  306.081198][ T5902] hub 9-1:0.0: config failed, can't read hub descriptor (err -22)
[  306.702159][ T5926] usb 6-1: new high-speed USB device number 50 using dummy_hcd
[  306.784804][ T8961] Can't find a SQUASHFS superblock on rnullb0
[  306.840548][ T8963] netlink: 48 bytes leftover after parsing attributes in process `syz.8.1072'.
[  306.852463][ T5926] usb 6-1: device descriptor read/64, error -71
[  306.855803][ T8961] netlink: 'syz.9.1071': attribute type 4 has an invalid length.
[  306.867548][ T5902] usbhid 9-1:0.0: can't add hid device: -71
[  306.873905][ T5902] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  306.923257][ T5902] usb 9-1: USB disconnect, device number 25
[  307.102372][ T5926] usb 6-1: new high-speed USB device number 51 using dummy_hcd
[  307.272712][ T5926] usb 6-1: device descriptor read/64, error -71
[  307.397553][ T5926] usb usb6-port1: attempt power cycle
[  307.512285][ T5902] usb 9-1: new high-speed USB device number 26 using dummy_hcd
[  307.674132][ T5902] usb 9-1: Using ep0 maxpacket: 16
[  307.694814][ T5902] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  307.722285][ T5902] usb 9-1: config 64 has no interface number 0
[  307.728514][ T5902] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  307.752556][ T5902] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  307.773444][ T5926] usb 6-1: new high-speed USB device number 52 using dummy_hcd
[  307.786235][ T5902] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  307.816320][ T5902] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  307.833763][ T5926] usb 6-1: device descriptor read/8, error -71
[  307.843352][ T5902] usb 9-1: Product: syz
[  307.854143][ T5902] usb 9-1: Manufacturer: syz
[  307.871861][ T5902] usb 9-1: SerialNumber: syz
[  307.886886][ T5902] option 9-1:64.13: GSM modem (1-port) converter detected
[  308.024236][ T8978] veth0_vlan: entered allmulticast mode
[  308.051574][ T8978] veth0_vlan: left allmulticast mode
[  308.091359][  T982] usb 9-1: USB disconnect, device number 26
[  308.097758][ T5926] usb 6-1: new high-speed USB device number 53 using dummy_hcd
[  308.116874][  T982] option 9-1:64.13: device disconnected
[  308.154264][ T5926] usb 6-1: device descriptor read/8, error -71
[  308.272201][ T5926] usb usb6-port1: unable to enumerate USB device
[  308.346369][ T8982] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1079'.
[  308.388030][ T8982] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1079'.
[  308.553928][  T979] usb 9-1: new full-speed USB device number 27 using dummy_hcd
[  308.736089][  T979] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  308.768254][  T979] usb 9-1: config 64 has no interface number 0
[  308.793718][  T979] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  308.847734][  T979] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  308.862160][  T979] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.884037][  T979] usb 9-1: Product: syz
[  308.888231][  T979] usb 9-1: Manufacturer: syz
[  308.899166][  T979] usb 9-1: SerialNumber: syz
[  309.147557][  T979] usb 9-1: USB disconnect, device number 27
[  309.409331][ T8994] Can't find a SQUASHFS superblock on rnullb0
[  309.487258][ T8994] netlink: 'syz.9.1084': attribute type 4 has an invalid length.
[  310.222328][  T979] usb 9-1: new high-speed USB device number 28 using dummy_hcd
[  310.393205][  T979] usb 9-1: Using ep0 maxpacket: 16
[  310.400433][  T979] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  310.414063][  T979] usb 9-1: config 64 has no interface number 0
[  310.430191][ T9004] hfs: can't find a HFS filesystem on dev rnullb0
[  310.441602][  T979] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  310.464746][  T979] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 1024
[  310.513919][  T979] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024
[  310.551320][  T979] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  310.561552][  T979] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.597161][  T979] usb 9-1: Product: syz
[  310.601380][  T979] usb 9-1: Manufacturer: syz
[  310.640061][  T979] usb 9-1: SerialNumber: syz
[  310.679929][  T979] option 9-1:64.13: GSM modem (1-port) converter detected
[  310.885470][  T979] usb 9-1: USB disconnect, device number 28
[  310.904951][  T979] option 9-1:64.13: device disconnected
[  310.961663][ T9016] netlink: 57 bytes leftover after parsing attributes in process `syz.5.1094'.
[  311.042659][  T982] usb 10-1: new high-speed USB device number 19 using dummy_hcd
[  311.203612][  T982] usb 10-1: Using ep0 maxpacket: 32
[  311.220777][  T982] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  311.247068][  T982] usb 10-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  311.274562][  T982] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  311.284366][  T982] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  311.308875][  T982] usb 10-1: config 0 descriptor??
[  311.342960][ T5902] usb 6-1: new high-speed USB device number 54 using dummy_hcd
[  311.392311][  T979] usb 9-1: new full-speed USB device number 29 using dummy_hcd
[  311.510901][ T5902] usb 6-1: Using ep0 maxpacket: 16
[  311.526832][ T5902] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  311.536749][ T5902] usb 6-1: config 64 has no interface number 0
[  311.557114][ T5902] usb 6-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  311.587661][ T5902] usb 6-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  311.609019][  T979] usb 9-1: config 0 has an invalid interface number: 229 but max is 0
[  311.623093][  T979] usb 9-1: config 0 has no interface number 0
[  311.631623][ T5902] usb 6-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  311.644973][  T979] usb 9-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid maxpacket 65344, setting to 64
[  311.662115][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.680567][ T5902] usb 6-1: Product: syz
[  311.687685][ T5902] usb 6-1: Manufacturer: syz
[  311.700913][ T5902] usb 6-1: SerialNumber: syz
[  311.706009][  T979] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  311.720899][  T979] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.747573][ T5902] option 6-1:64.13: GSM modem (1-port) converter detected
[  311.756196][  T979] usb 9-1: Product: syz
[  311.760386][  T979] usb 9-1: Manufacturer: syz
[  311.778752][  T979] usb 9-1: SerialNumber: syz
[  311.800062][  T979] usb 9-1: config 0 descriptor??
[  311.960967][ T9023] Can't find a SQUASHFS superblock on rnullb0
[  311.968821][ T5902] usb 6-1: USB disconnect, device number 54
[  311.985570][ T5902] option 6-1:64.13: device disconnected
[  312.025420][ T9023] netlink: 'syz.7.1096': attribute type 4 has an invalid length.
[  312.047412][  T979] qcserial 9-1:0.229: Qualcomm USB modem converter detected
[  312.093625][  T979] usb 9-1: Qualcomm USB modem converter now attached to ttyUSB0
[  312.118961][  T979] usb 9-1: USB disconnect, device number 29
[  312.136988][  T979] qcserial ttyUSB0: Qualcomm USB modem converter now disconnected from ttyUSB0
[  312.150233][  T979] qcserial 9-1:0.229: device disconnected
[  312.496206][ T5902] usb 6-1: new full-speed USB device number 55 using dummy_hcd
[  312.663952][ T5902] usb 6-1: config 64 has an invalid interface number: 13 but max is 0
[  312.681882][ T5902] usb 6-1: config 64 has no interface number 0
[  312.703270][ T5902] usb 6-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  312.734687][ T5902] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  312.752138][ T5902] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.757951][ T9028] bpq0: entered promiscuous mode
[  312.770349][ T5902] usb 6-1: Product: syz
[  312.774743][ T9028] bpq0: entered allmulticast mode
[  312.784648][ T5902] usb 6-1: Manufacturer: syz
[  312.789276][ T5902] usb 6-1: SerialNumber: syz
[  313.023720][ T5902] usb 6-1: USB disconnect, device number 55
[  313.359806][ T9038] syzkaller1: entered promiscuous mode
[  313.379432][ T9038] syzkaller1: entered allmulticast mode
[  313.799447][  T979] usb 10-1: USB disconnect, device number 19
[  313.886193][ T9047] Can't find a SQUASHFS superblock on rnullb0
[  313.932503][   T43] usb 9-1: new high-speed USB device number 30 using dummy_hcd
[  313.961175][ T9047] netlink: 'syz.9.1106': attribute type 4 has an invalid length.
[  314.012262][ T5837] Bluetooth: hci5: command 0x0406 tx timeout
[  314.084114][   T43] usb 9-1: Using ep0 maxpacket: 32
[  314.104722][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  314.118487][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  314.134356][   T43] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  314.143890][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  314.158884][   T43] usb 9-1: config 0 descriptor??
[  314.174011][   T43] hub 9-1:0.0: USB hub found
[  314.375973][   T43] hub 9-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  314.785210][   T43] usbhid 9-1:0.0: can't add hid device: -71
[  314.806562][   T43] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  314.854191][   T43] usb 9-1: USB disconnect, device number 30
[  314.862445][ T9053] omfs: Invalid superblock (0)
[  315.139660][ T5864] usb 10-1: new high-speed USB device number 20 using dummy_hcd
[  315.582153][ T5864] usb 10-1: Using ep0 maxpacket: 8
[  315.591963][ T5864] usb 10-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  315.616262][ T5864] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  315.727746][ T5864] usb 10-1: config 0 descriptor??
[  315.935259][ T9063] overlay: ./file1 is not a directory
[  316.564314][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1113'.
[  316.613284][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1113'.
[  316.722357][   T43] usb 9-1: new high-speed USB device number 31 using dummy_hcd
[  316.922140][   T43] usb 9-1: Using ep0 maxpacket: 32
[  316.935952][   T43] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  316.966489][   T43] usb 9-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  316.993532][   T43] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  317.014434][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.045390][   T43] usb 9-1: config 0 descriptor??
[  317.071148][ T1302] ieee802154 phy0 wpan0: encryption failed: -22
[  317.077995][ T1302] ieee802154 phy1 wpan1: encryption failed: -22
[  318.233611][ T5864] asix 10-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  318.259663][ T9077] Can't find a SQUASHFS superblock on rnullb0
[  318.268738][ T5864] asix 10-1:0.0: probe with driver asix failed with error -71
[  318.297754][ T5864] usb 10-1: USB disconnect, device number 20
[  318.329435][ T9077] netlink: 'syz.5.1116': attribute type 4 has an invalid length.
[  318.871272][ T9082] FAULT_INJECTION: forcing a failure.
[  318.871272][ T9082] name failslab, interval 1, probability 0, space 0, times 0
[  318.892401][ T9082] CPU: 0 UID: 0 PID: 9082 Comm: syz.9.1117 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  318.892427][ T9082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  318.892437][ T9082] Call Trace:
[  318.892444][ T9082]  <TASK>
[  318.892452][ T9082]  dump_stack_lvl+0x189/0x250
[  318.892476][ T9082]  ? __pfx____ratelimit+0x10/0x10
[  318.892498][ T9082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  318.892515][ T9082]  ? __pfx__printk+0x10/0x10
[  318.892539][ T9082]  ? __pfx___might_resched+0x10/0x10
[  318.892562][ T9082]  should_fail_ex+0x414/0x560
[  318.892587][ T9082]  should_failslab+0xa8/0x100
[  318.892611][ T9082]  __kmalloc_cache_node_noprof+0x73/0x3d0
[  318.892631][ T9082]  ? __get_vm_area_node+0x13f/0x300
[  318.892654][ T9082]  __get_vm_area_node+0x13f/0x300
[  318.892679][ T9082]  __vmalloc_node_range_noprof+0x301/0x12f0
[  318.892701][ T9082]  ? copy_process+0x54b/0x3c00
[  318.892731][ T9082]  ? percpu_ref_get_many+0x19/0x140
[  318.892753][ T9082]  ? percpu_ref_get_many+0x19/0x140
[  318.892788][ T9082]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  318.892820][ T9082]  ? memcpy_and_pad+0x48/0x80
[  318.892844][ T9082]  __vmalloc_node_noprof+0xc2/0x110
[  318.892863][ T9082]  ? copy_process+0x54b/0x3c00
[  318.892880][ T9082]  ? copy_process+0x54b/0x3c00
[  318.892901][ T9082]  dup_task_struct+0x3e7/0x860
[  318.892926][ T9082]  copy_process+0x54b/0x3c00
[  318.892975][ T9082]  ? __pfx_copy_process+0x10/0x10
[  318.893007][ T9082]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  318.893023][ T9082]  vhost_task_create+0x1c4/0x290
[  318.893046][ T9082]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  318.893063][ T9082]  ? __pfx_vhost_task_create+0x10/0x10
[  318.893092][ T9082]  ? __pfx_vhost_task_fn+0x10/0x10
[  318.893123][ T9082]  ? kasan_save_track+0x4f/0x80
[  318.893139][ T9082]  ? kasan_save_track+0x3e/0x80
[  318.893161][ T9082]  kvm_mmu_post_init_vm+0x147/0x2b0
[  318.893184][ T9082]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  318.893213][ T9082]  ? __mutex_trylock_common+0x153/0x260
[  318.893237][ T9082]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  318.893262][ T9082]  ? rcu_is_watching+0x15/0xb0
[  318.893280][ T9082]  ? look_up_lock_class+0x74/0x170
[  318.893305][ T9082]  ? register_lock_class+0x51/0x320
[  318.893327][ T9082]  ? __lock_acquire+0xab9/0xd20
[  318.893374][ T9082]  kvm_vcpu_ioctl+0x95c/0xe90
[  318.893401][ T9082]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  318.893419][ T9082]  ? __lock_acquire+0xab9/0xd20
[  318.893460][ T9082]  ? __fget_files+0x2a/0x420
[  318.893486][ T9082]  ? __fget_files+0x2a/0x420
[  318.893507][ T9082]  ? __fget_files+0x3a0/0x420
[  318.893528][ T9082]  ? __fget_files+0x2a/0x420
[  318.893553][ T9082]  ? bpf_lsm_file_ioctl+0x9/0x20
[  318.893570][ T9082]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  318.893590][ T9082]  __se_sys_ioctl+0xfc/0x170
[  318.893613][ T9082]  do_syscall_64+0xfa/0x3b0
[  318.893628][ T9082]  ? lockdep_hardirqs_on+0x9c/0x150
[  318.893651][ T9082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.893667][ T9082]  ? clear_bhb_loop+0x60/0xb0
[  318.893687][ T9082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  318.893703][ T9082] RIP: 0033:0x7f75c878e929
[  318.893718][ T9082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  318.893733][ T9082] RSP: 002b:00007f75c95d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  318.893750][ T9082] RAX: ffffffffffffffda RBX: 00007f75c89b5fa0 RCX: 00007f75c878e929
[  318.893762][ T9082] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  318.893772][ T9082] RBP: 00007f75c95d8090 R08: 0000000000000000 R09: 0000000000000000
[  318.893781][ T9082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  318.893790][ T9082] R13: 0000000000000000 R14: 00007f75c89b5fa0 R15: 00007ffdc9165498
[  318.893826][ T9082]  </TASK>
[  318.894278][ T9082] syz.9.1117: vmalloc error: size 32768, vm_struct allocation failed, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  319.402118][ T9082] CPU: 0 UID: 0 PID: 9082 Comm: syz.9.1117 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  319.402145][ T9082] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  319.402155][ T9082] Call Trace:
[  319.402162][ T9082]  <TASK>
[  319.402170][ T9082]  dump_stack_lvl+0x189/0x250
[  319.402197][ T9082]  ? __pfx_dump_stack_lvl+0x10/0x10
[  319.402217][ T9082]  ? __pfx__printk+0x10/0x10
[  319.402251][ T9082]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  319.402280][ T9082]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  319.402303][ T9082]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  319.402328][ T9082]  warn_alloc+0x214/0x310
[  319.402357][ T9082]  ? __pfx_warn_alloc+0x10/0x10
[  319.402380][ T9082]  ? __get_vm_area_node+0x13f/0x300
[  319.402405][ T9082]  ? __get_vm_area_node+0x2b5/0x300
[  319.402443][ T9082]  __vmalloc_node_range_noprof+0x326/0x12f0
[  319.402476][ T9082]  ? percpu_ref_get_many+0x19/0x140
[  319.402499][ T9082]  ? percpu_ref_get_many+0x19/0x140
[  319.402533][ T9082]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  319.402558][ T9082]  ? memcpy_and_pad+0x48/0x80
[  319.402582][ T9082]  __vmalloc_node_noprof+0xc2/0x110
[  319.402603][ T9082]  ? copy_process+0x54b/0x3c00
[  319.402622][ T9082]  ? copy_process+0x54b/0x3c00
[  319.402643][ T9082]  dup_task_struct+0x3e7/0x860
[  319.402668][ T9082]  copy_process+0x54b/0x3c00
[  319.402714][ T9082]  ? __pfx_copy_process+0x10/0x10
[  319.402744][ T9082]  ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10
[  319.402761][ T9082]  vhost_task_create+0x1c4/0x290
[  319.402789][ T9082]  ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10
[  319.402805][ T9082]  ? __pfx_vhost_task_create+0x10/0x10
[  319.402832][ T9082]  ? __pfx_vhost_task_fn+0x10/0x10
[  319.402862][ T9082]  ? kasan_save_track+0x4f/0x80
[  319.402878][ T9082]  ? kasan_save_track+0x3e/0x80
[  319.402901][ T9082]  kvm_mmu_post_init_vm+0x147/0x2b0
[  319.402923][ T9082]  kvm_arch_vcpu_ioctl_run+0xdc/0x1940
[  319.402952][ T9082]  ? __mutex_trylock_common+0x153/0x260
[  319.402976][ T9082]  ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10
[  319.403001][ T9082]  ? rcu_is_watching+0x15/0xb0
[  319.403019][ T9082]  ? look_up_lock_class+0x74/0x170
[  319.403045][ T9082]  ? register_lock_class+0x51/0x320
[  319.403068][ T9082]  ? __lock_acquire+0xab9/0xd20
[  319.403113][ T9082]  kvm_vcpu_ioctl+0x95c/0xe90
[  319.403140][ T9082]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  319.403157][ T9082]  ? __lock_acquire+0xab9/0xd20
[  319.403193][ T9082]  ? __fget_files+0x2a/0x420
[  319.403219][ T9082]  ? __fget_files+0x2a/0x420
[  319.403254][ T9082]  ? __fget_files+0x3a0/0x420
[  319.403276][ T9082]  ? __fget_files+0x2a/0x420
[  319.403301][ T9082]  ? bpf_lsm_file_ioctl+0x9/0x20
[  319.403318][ T9082]  ? __pfx_kvm_vcpu_ioctl+0x10/0x10
[  319.403337][ T9082]  __se_sys_ioctl+0xfc/0x170
[  319.403360][ T9082]  do_syscall_64+0xfa/0x3b0
[  319.403375][ T9082]  ? lockdep_hardirqs_on+0x9c/0x150
[  319.403397][ T9082]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.403414][ T9082]  ? clear_bhb_loop+0x60/0xb0
[  319.403434][ T9082]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  319.403450][ T9082] RIP: 0033:0x7f75c878e929
[  319.403465][ T9082] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  319.403480][ T9082] RSP: 002b:00007f75c95d8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  319.403498][ T9082] RAX: ffffffffffffffda RBX: 00007f75c89b5fa0 RCX: 00007f75c878e929
[  319.403510][ T9082] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005
[  319.403520][ T9082] RBP: 00007f75c95d8090 R08: 0000000000000000 R09: 0000000000000000
[  319.403529][ T9082] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  319.403538][ T9082] R13: 0000000000000000 R14: 00007f75c89b5fa0 R15: 00007ffdc9165498
[  319.403566][ T9082]  </TASK>
[  319.403583][ T9082] Mem-Info:
[  319.642996][  T979] usb 9-1: USB disconnect, device number 31
[  319.692132][ T9082] active_anon:7326 inactive_anon:0 isolated_anon:0
[  319.692132][ T9082]  active_file:11107 inactive_file:44347 isolated_file:0
[  319.692132][ T9082]  unevictable:768 dirty:50 writeback:0
[  319.692132][ T9082]  slab_reclaimable:10736 slab_unreclaimable:114580
[  319.692132][ T9082]  mapped:57861 shmem:1357 pagetables:1555
[  319.692132][ T9082]  sec_pagetables:0 bounce:0
[  319.692132][ T9082]  kernel_misc_reclaimable:0
[  319.692132][ T9082]  free:1237083 free_pcp:14593 free_cma:0
[  319.915022][ T9082] Node 0 active_anon:29428kB inactive_anon:0kB active_file:44428kB inactive_file:177188kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:231352kB dirty:212kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:14068kB pagetables:5904kB sec_pagetables:12kB all_unreclaimable? no Balloon:0kB
[  320.004822][ T9082] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:164kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  320.083902][ T9095] tipc: Started in network mode
[  320.088813][ T9095] tipc: Node identity aaaaaaaaaa3, cluster identity 4711
[  320.098492][ T9082] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  320.144464][ T9095] tipc: Enabled bearer <eth:ipvlan1>, priority 10
[  320.182365][ T9082] lowmem_reserve[]: 0 2497 2498 2498 2498
[  320.188190][ T9082] Node 0 DMA32 free:1030468kB boost:0kB min:34232kB low:42788kB high:51344kB reserved_highatomic:0KB free_highatomic:0KB active_anon:29484kB inactive_anon:0kB active_file:44428kB inactive_file:175860kB unevictable:1536kB writepending:212kB present:3129332kB managed:2557540kB mlocked:0kB bounce:0kB free_pcp:38548kB local_pcp:18608kB free_cma:0kB
[  320.212175][  T979] usb 9-1: new high-speed USB device number 32 using dummy_hcd
[  320.287244][ T9082] lowmem_reserve[]: 0 0 1 1 1
[  320.292391][ T9082] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1328kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  320.326545][ T9082] lowmem_reserve[]: 0 0 0 0 0
[  320.331323][ T9082] Node 1 Normal free:3904020kB boost:0kB min:55652kB low:69564kB high:83476kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18432kB local_pcp:12224kB free_cma:0kB
[  320.382463][ T9082] lowmem_reserve[]: 0 0 0 0 0
[  320.387243][ T9082] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  320.422299][  T979] usb 9-1: Using ep0 maxpacket: 32
[  320.429537][  T979] usb 9-1: config 0 has an invalid interface number: 231 but max is 0
[  320.442392][ T9082] Node 0 DMA32: 244*4kB (UME) 248*8kB (UME) 211*16kB (UME) 865*32kB (UME) 354*64kB (UM) 43*128kB (UME) 20*256kB (ME) 22*512kB (UME) 14*1024kB (UME) 6*2048kB (UME) 225*4096kB (M) = 1026784kB
[  320.448443][  T979] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  320.508337][ T9082] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  320.530518][ T9098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1123'.
[  320.540427][ T9082] Node 1 Normal: 177*4kB (UME) 48*8kB (UME) 35*16kB (UME) 127*32kB (UME) 43*64kB (UME) 8*128kB (UME) 5*256kB (UM) 4*512kB (UM) 2*1024kB (UM) 1*2048kB (U) 949*4096kB (ME) = 3904020kB
[  320.542828][  T979] usb 9-1: config 0 has no interface number 0
[  320.591894][ T9082] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  320.617286][  T979] usb 9-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  320.622205][ T9098] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1123'.
[  320.637843][ T9082] Node 0 hugepages_total=6 hugepages_free=0 hugepages_surp=4 hugepages_size=2048kB
[  320.652110][  T979] usb 9-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  320.655028][ T9082] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  320.709361][  T979] usb 9-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9
[  320.715173][ T9082] Node 1 hugepages_total=2 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB
[  320.718671][  T979] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  320.763106][ T9082] 56807 total pagecache pages
[  320.781268][ T9082] 0 pages in swap cache
[  320.791360][ T9082] Free swap  = 124996kB
[  320.791727][  T979] usb 9-1: Product: syz
[  320.814928][ T9082] Total swap = 124996kB
[  320.819129][ T9082] 2097051 pages RAM
[  320.822198][  T979] usb 9-1: Manufacturer: syz
[  320.827527][  T979] usb 9-1: SerialNumber: syz
[  320.837879][ T9082] 0 pages HighMem/MovableOnly
[  320.855393][ T9082] 425688 pages reserved
[  320.860786][  T979] usb 9-1: config 0 descriptor??
[  320.884241][ T9093] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22
[  320.891658][ T9082] 0 pages cma reserved
[  320.897750][  T979] usb-storage 9-1:0.231: USB Mass Storage device detected
[  321.107707][  T979] usb 9-1: USB disconnect, device number 32
[  321.171222][  T982] tipc: Node number set to 10136234
[  321.444534][ T9108] Can't find a SQUASHFS superblock on rnullb0
[  321.487333][ T9108] netlink: 'syz.5.1126': attribute type 4 has an invalid length.
[  322.212280][  T982] usb 9-1: new high-speed USB device number 33 using dummy_hcd
[  322.362369][  T982] usb 9-1: Using ep0 maxpacket: 16
[  322.371860][  T982] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  322.394853][  T982] usb 9-1: config 64 has no interface number 0
[  322.411651][  T982] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  322.440545][  T982] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  322.481478][  T982] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  322.502548][  T982] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  322.510583][  T982] usb 9-1: Product: syz
[  322.541875][  T982] usb 9-1: Manufacturer: syz
[  322.568929][  T982] usb 9-1: SerialNumber: syz
[  322.609397][  T982] option 9-1:64.13: GSM modem (1-port) converter detected
[  322.767330][ T9121] FAT-fs (rnullb0): invalid media value (0x67)
[  322.797273][ T9121] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  322.820333][ T5926] usb 9-1: USB disconnect, device number 33
[  322.843382][ T5926] option 9-1:64.13: device disconnected
[  323.213321][ T9132] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1133'.
[  323.308813][ T9132] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1133'.
[  323.352391][ T5926] usb 9-1: new full-speed USB device number 34 using dummy_hcd
[  323.579105][ T5926] usb 9-1: config 0 has an invalid interface number: 229 but max is 0
[  323.592492][ T5926] usb 9-1: config 0 has no interface number 0
[  323.619119][ T5926] usb 9-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  323.689113][ T5926] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  323.710794][ T5926] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.740442][ T5926] usb 9-1: Product: syz
[  323.750446][ T5926] usb 9-1: Manufacturer: syz
[  323.771445][ T5926] usb 9-1: SerialNumber: syz
[  323.805085][ T5926] usb 9-1: config 0 descriptor??
[  324.035553][   T43] usb 9-1: USB disconnect, device number 34
[  324.211937][ T9141] Can't find a SQUASHFS superblock on rnullb0
[  324.263696][ T9141] netlink: 'syz.5.1138': attribute type 4 has an invalid length.
[  325.063802][ T9146] netlink: 'syz.9.1140': attribute type 4 has an invalid length.
[  325.071589][ T9146] netlink: 124 bytes leftover after parsing attributes in process `syz.9.1140'.
[  325.502175][   T43] usb 6-1: new high-speed USB device number 56 using dummy_hcd
[  325.652705][ T5902] usb 10-1: new high-speed USB device number 21 using dummy_hcd
[  325.682235][   T43] usb 6-1: Using ep0 maxpacket: 32
[  325.690597][   T43] usb 6-1: config 0 has an invalid interface number: 115 but max is 0
[  325.702080][   T43] usb 6-1: config 0 has no interface number 0
[  325.720939][   T43] usb 6-1: config 0 interface 115 has no altsetting 0
[  325.755296][   T43] usb 6-1: New USB device found, idVendor=03f0, idProduct=3239, bcdDevice=c1.64
[  325.782680][   T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.790721][   T43] usb 6-1: Product: syz
[  325.804945][   T43] usb 6-1: Manufacturer: syz
[  325.809578][   T43] usb 6-1: SerialNumber: syz
[  325.824609][   T43] usb 6-1: config 0 descriptor??
[  325.832417][ T5902] usb 10-1: Using ep0 maxpacket: 32
[  325.845753][   T43] pl2303 6-1:0.115: required interrupt-in endpoint missing
[  325.862229][ T5902] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  325.896195][ T5902] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.913072][ T5902] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  325.928206][ T5902] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.953064][ T5902] usb 10-1: config 0 descriptor??
[  325.964383][ T5902] hub 10-1:0.0: USB hub found
[  326.058721][ T5864] usb 6-1: USB disconnect, device number 56
[  326.164644][ T5902] hub 10-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  326.353506][ T9161] FAULT_INJECTION: forcing a failure.
[  326.353506][ T9161] name fail_page_alloc, interval 1, probability 0, space 0, times 0
[  326.363721][ T9162] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1146'.
[  326.392185][ T9162] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1146'.
[  326.402257][ T9161] CPU: 0 UID: 0 PID: 9161 Comm: syz.7.1147 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  326.402284][ T9161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  326.402294][ T9161] Call Trace:
[  326.402301][ T9161]  <TASK>
[  326.402307][ T9161]  dump_stack_lvl+0x189/0x250
[  326.402336][ T9161]  ? __pfx____ratelimit+0x10/0x10
[  326.402360][ T9161]  ? __pfx_dump_stack_lvl+0x10/0x10
[  326.402379][ T9161]  ? __pfx__printk+0x10/0x10
[  326.402397][ T9161]  ? fs_reclaim_acquire+0x7d/0x100
[  326.402427][ T9161]  should_fail_ex+0x414/0x560
[  326.402453][ T9161]  prepare_alloc_pages+0x213/0x610
[  326.402484][ T9161]  __alloc_frozen_pages_noprof+0x123/0x370
[  326.402512][ T9161]  ? __pfx___alloc_frozen_pages_noprof+0x10/0x10
[  326.402540][ T9161]  ? __lock_acquire+0xab9/0xd20
[  326.402569][ T9161]  alloc_pages_mpol+0x232/0x4a0
[  326.402595][ T9161]  alloc_pages_noprof+0xa9/0x190
[  326.402618][ T9161]  pte_alloc_one+0x21/0x170
[  326.402639][ T9161]  __pte_alloc+0x25/0x1a0
[  326.402666][ T9161]  __handle_mm_fault+0x4b8a/0x5620
[  326.402705][ T9161]  ? __pfx___handle_mm_fault+0x10/0x10
[  326.402741][ T9161]  ? find_vma+0xe7/0x160
[  326.402760][ T9161]  ? __pfx_find_vma+0x10/0x10
[  326.402783][ T9161]  handle_mm_fault+0x40a/0x8e0
[  326.402812][ T9161]  do_user_addr_fault+0x764/0x1390
[  326.402851][ T9161]  exc_page_fault+0x76/0xf0
[  326.402877][ T9161]  asm_exc_page_fault+0x26/0x30
[  326.402892][ T9161] RIP: 0010:__put_user_4+0xd/0x20
[  326.402908][ T9161] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca e9 07 3b 03 00 90 90 90 90 90 90 90 90 90 90
[  326.402922][ T9161] RSP: 0018:ffffc90003187c88 EFLAGS: 00050206
[  326.402937][ T9161] RAX: 0000000000000044 RBX: 0000000000000000 RCX: 0000200000000000
[  326.402948][ T9161] RDX: 0000000000000000 RSI: ffffffff8dc3aa43 RDI: ffffffff8be418c0
[  326.402959][ T9161] RBP: dffffc0000000000 R08: 0000000000000000 R09: ffffffff820c8620
[  326.402970][ T9161] R10: dffffc0000000000 R11: fffffbfff1f845bf R12: 00000000000000c9
[  326.402982][ T9161] R13: 0000000000000044 R14: 0000200000000000 R15: ffff8880217b6000
[  326.403000][ T9161]  ? __might_fault+0xb0/0x130
[  326.403028][ T9161]  vt_do_diacrit+0x534/0xa40
[  326.403050][ T9161]  vt_ioctl+0x101a/0x1f00
[  326.403078][ T9161]  ? __pfx_vt_ioctl+0x10/0x10
[  326.403120][ T9161]  ? __fget_files+0x2a/0x420
[  326.403148][ T9161]  ? __fget_files+0x3a0/0x420
[  326.403169][ T9161]  ? __fget_files+0x2a/0x420
[  326.403195][ T9161]  tty_ioctl+0x929/0xde0
[  326.403212][ T9161]  ? __pfx_tty_ioctl+0x10/0x10
[  326.403228][ T9161]  __se_sys_ioctl+0xfc/0x170
[  326.403251][ T9161]  do_syscall_64+0xfa/0x3b0
[  326.403265][ T9161]  ? lockdep_hardirqs_on+0x9c/0x150
[  326.403288][ T9161]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.403304][ T9161]  ? clear_bhb_loop+0x60/0xb0
[  326.403325][ T9161]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  326.403341][ T9161] RIP: 0033:0x7f590278e929
[  326.403355][ T9161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  326.403369][ T9161] RSP: 002b:00007f5903595038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  326.403385][ T9161] RAX: ffffffffffffffda RBX: 00007f59029b5fa0 RCX: 00007f590278e929
[  326.403397][ T9161] RDX: 0000200000000000 RSI: 0000000000004b4a RDI: 0000000000000003
[  326.403408][ T9161] RBP: 00007f5903595090 R08: 0000000000000000 R09: 0000000000000000
[  326.403418][ T9161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  326.403428][ T9161] R13: 0000000000000000 R14: 00007f59029b5fa0 R15: 00007fffea89e8a8
[  326.403456][ T9161]  </TASK>
[  326.652395][ T5902] usbhid 10-1:0.0: can't add hid device: -71
[  326.652498][ T5902] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  326.673519][ T5902] usb 10-1: USB disconnect, device number 21
[  327.252637][ T5864] usb 9-1: new high-speed USB device number 35 using dummy_hcd
[  327.324382][ T9170] Can't find a SQUASHFS superblock on rnullb0
[  327.538270][ T9170] netlink: 'syz.9.1150': attribute type 4 has an invalid length.
[  327.592240][ T5864] usb 9-1: Using ep0 maxpacket: 16
[  327.603502][ T5864] usb 9-1: config 64 has an invalid interface number: 13 but max is 0
[  327.634878][ T5864] usb 9-1: config 64 has no interface number 0
[  327.641149][ T5864] usb 9-1: config 64 interface 13 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16
[  327.696926][ T5864] usb 9-1: config 64 interface 13 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  327.740086][ T5864] usb 9-1: New USB device found, idVendor=0e8d, idProduct=00a7, bcdDevice=b5.31
[  327.751048][ T5864] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.771039][ T5864] usb 9-1: Product: syz
[  327.794012][ T5864] usb 9-1: Manufacturer: syz
[  327.809819][ T5864] usb 9-1: SerialNumber: syz
[  327.838413][ T5864] option 9-1:64.13: GSM modem (1-port) converter detected
[  328.067052][ T5864] usb 9-1: USB disconnect, device number 35
[  328.097036][ T5864] option 9-1:64.13: device disconnected
[  328.192648][   T10] usb 6-1: new high-speed USB device number 57 using dummy_hcd
[  328.385386][   T10] usb 6-1: Using ep0 maxpacket: 32
[  328.403855][   T10] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  328.424013][   T10] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  328.449833][   T10] usb 6-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  328.469423][   T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.513329][   T10] usb 6-1: config 0 descriptor??
[  328.540928][   T10] hub 6-1:0.0: bad descriptor, ignoring hub
[  328.559152][   T10] hub 6-1:0.0: probe with driver hub failed with error -5
[  328.562151][ T5864] usb 9-1: new full-speed USB device number 36 using dummy_hcd
[  328.576022][   T10] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  328.595737][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1157'.
[  328.622144][ T9187] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1157'.
[  328.743769][ T5864] usb 9-1: config 0 has an invalid interface number: 229 but max is 0
[  328.763856][ T5864] usb 9-1: config 0 has no interface number 0
[  328.770111][ T5864] usb 9-1: config 0 interface 229 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  328.793329][ T5864] usb 9-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=1f.38
[  328.811512][ T5864] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.831985][ T5864] usb 9-1: Product: syz
[  328.839622][ T5864] usb 9-1: Manufacturer: syz
[  328.849931][ T5864] usb 9-1: SerialNumber: syz
[  328.868614][ T5864] usb 9-1: config 0 descriptor??
[  329.092453][ T5864] usb 9-1: USB disconnect, device number 36
[  329.374986][ T5837] Bluetooth: hci6: command 0x0406 tx timeout
[  329.634114][ T5864] usb 10-1: new high-speed USB device number 22 using dummy_hcd
[  329.805932][ T5864] usb 10-1: Using ep0 maxpacket: 32
[  329.813375][ T5864] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  329.840530][ T5864] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  329.871650][ T5864] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  329.894076][ T5864] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.924911][ T5864] usb 10-1: config 0 descriptor??
[  329.944701][ T5864] hub 10-1:0.0: USB hub found
[  330.185243][ T5864] hub 10-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  330.592862][ T5864] usbhid 10-1:0.0: can't add hid device: -71
[  330.598994][ T5864] usbhid 10-1:0.0: probe with driver usbhid failed with error -71
[  330.643637][ T5864] usb 10-1: USB disconnect, device number 22
[  331.073970][ T5926] usb 6-1: USB disconnect, device number 57
[  331.085327][ T9201] FAT-fs (rnullb0): invalid media value (0x67)
[  331.115642][ T9201] FAT-fs (rnullb0): Can't find a valid FAT filesystem
[  331.219906][ T9204] Can't find a SQUASHFS superblock on rnullb0
[  331.246326][ T9205] netlink: 168 bytes leftover after parsing attributes in process `syz.7.1162'.
[  331.269999][ T9204] netlink: 'syz.9.1163': attribute type 4 has an invalid length.
[  331.758766][ T9223] workqueue: name exceeds WQ_NAME_LEN. Truncating to: !寿$���UL�vy��آ
�D��UD�w�}�z
[  332.022907][   T10] usb 6-1: new full-speed USB device number 58 using dummy_hcd
[  332.077953][ T5835] Bluetooth: hci7: unexpected event 0x04 length: 9 < 10
[  332.183773][   T10] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  332.217002][   T10] usb 6-1: config 0 interface 0 has no altsetting 0
[  332.276210][   T10] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  332.318203][   T10] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  332.332952][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1169'.
[  332.362272][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1169'.
[  332.369767][   T10] usb 6-1: Product: syz
[  332.395770][   T10] usb 6-1: Manufacturer: syz
[  332.400415][   T10] usb 6-1: SerialNumber: syz
[  332.435164][   T10] usb 6-1: config 0 descriptor??
[  332.487523][   T10] usb 6-1: selecting invalid altsetting 0
[  332.660111][   T43] usb 9-1: new high-speed USB device number 37 using dummy_hcd
[  332.686104][   T10] usb 6-1: USB disconnect, device number 58
[  332.882127][   T43] usb 9-1: Using ep0 maxpacket: 32
[  332.919838][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  332.942082][   T43] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  332.951874][   T43] usb 9-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  332.985143][   T43] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.009199][   T43] usb 9-1: config 0 descriptor??
[  333.027747][   T43] hub 9-1:0.0: USB hub found
[  333.237035][   T43] hub 9-1:0.0: config failed, hub doesn't have any ports! (err -19)
[  333.640450][   T43] usbhid 9-1:0.0: can't add hid device: -71
[  333.657845][   T43] usbhid 9-1:0.0: probe with driver usbhid failed with error -71
[  333.710767][   T43] usb 9-1: USB disconnect, device number 37
[  334.273881][ T9249] Can't find a SQUASHFS superblock on rnullb0
[  334.311756][ T9249] netlink: 'syz.8.1177': attribute type 4 has an invalid length.
[  334.322593][  T982] usb 6-1: new high-speed USB device number 59 using dummy_hcd
[  334.501580][  T982] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  334.533764][  T982] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  334.553904][  T982] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.576729][  T982] usb 6-1: config 0 descriptor??
[  334.591647][  T982] pwc: Askey VC010 type 2 USB webcam detected.
[  334.889066][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1180'.
[  334.919006][ T9258] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1180'.
[  334.973353][   T31] INFO: task kworker/u8:6:3450 blocked for more than 143 seconds.
[  334.990567][  T982] pwc: recv_control_msg error -32 req 02 val 2b00
[  334.992093][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  335.018444][  T982] pwc: recv_control_msg error -32 req 02 val 2700
[  335.029864][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  335.035940][  T982] pwc: recv_control_msg error -32 req 02 val 2c00
[  335.058414][   T31] task:kworker/u8:6    state:D stack:21848 pid:3450  tgid:3450  ppid:2      task_flags:0x4388060 flags:0x00004000
[  335.068433][  T982] pwc: recv_control_msg error -32 req 04 val 1000
[  335.099927][   T31] Workqueue: loop6 loop_rootcg_workfn
[  335.107266][  T982] pwc: recv_control_msg error -32 req 04 val 1300
[  335.121737][   T31] Call Trace:
[  335.124866][  T982] pwc: recv_control_msg error -32 req 04 val 1400
[  335.131607][   T31]  <TASK>
[  335.153617][   T31]  __schedule+0x16f5/0x4d00
[  335.157387][  T982] pwc: recv_control_msg error -32 req 02 val 2000
[  335.158180][   T31]  ? __lock_acquire+0xab9/0xd20
[  335.179986][   T31]  ? schedule+0x165/0x360
[  335.190101][   T31]  ? __pfx___schedule+0x10/0x10
[  335.200227][   T31]  ? schedule+0x91/0x360
[  335.215515][  T982] pwc: recv_control_msg error -32 req 02 val 2100
[  335.217032][   T31]  schedule+0x165/0x360
[  335.232743][  T982] pwc: recv_control_msg error -32 req 04 val 1500
[  335.246759][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  335.264581][   T31]  schedule_preempt_disabled+0x13/0x30
[  335.270103][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  335.292256][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  335.316888][   T31]  ? blkdev_read_iter+0x2f8/0x440
[  335.332223][   T31]  down_read+0x98/0x2e0
[  335.336543][   T31]  blkdev_read_iter+0x2f8/0x440
[  335.347752][   T31]  lo_rw_aio+0xd8e/0x1040
[  335.367879][   T31]  ? do_raw_spin_lock+0x121/0x290
[  335.383871][   T31]  ? __pfx_lo_rw_aio+0x10/0x10
[  335.394433][   T31]  ? kthread_associate_blkcg+0x35a/0x600
[  335.406764][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.417988][   T31]  loop_process_work+0x810/0xf40
[  335.428700][   T31]  ? __pfx_loop_process_work+0x10/0x10
[  335.457209][   T31]  ? lockdep_unlock+0x89/0x120
[  335.478719][   T31]  ? validate_chain+0x897/0x2140
[  335.499395][   T31]  ? __lock_acquire+0xab9/0xd20
[  335.521074][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  335.544619][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  335.584518][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  335.610349][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  335.622423][   T31]  process_scheduled_works+0xae1/0x17b0
[  335.636157][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  335.663657][   T31]  worker_thread+0x8a0/0xda0
[  335.678691][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  335.699869][   T31]  ? __kthread_parkme+0x7b/0x200
[  335.721862][   T31]  kthread+0x70e/0x8a0
[  335.741922][   T31]  ? __pfx_worker_thread+0x10/0x10
[  335.762142][   T31]  ? __pfx_kthread+0x10/0x10
[  335.781302][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  335.798865][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  335.817638][   T31]  ? __pfx_kthread+0x10/0x10
[  335.832509][   T31]  ret_from_fork+0x3fc/0x770
[  335.847041][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  335.866064][   T31]  ? __switch_to_asm+0x39/0x70
[  335.889779][   T31]  ? __switch_to_asm+0x33/0x70
[  335.900942][   T31]  ? __pfx_kthread+0x10/0x10
[  335.918732][   T31]  ret_from_fork_asm+0x1a/0x30
[  335.932322][   T31]  </TASK>
[  335.937729][   T31] INFO: task syz.4.618:7597 blocked for more than 144 seconds.
[  335.976108][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  336.001780][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  336.039025][   T31] task:syz.4.618       state:D stack:26936 pid:7597  tgid:7596  ppid:7353   task_flags:0x400040 flags:0x00004004
[  336.100411][   T31] Call Trace:
[  336.103853][   T31]  <TASK>
[  336.106810][   T31]  __schedule+0x16f5/0x4d00
[  336.111351][   T31]  ? __lock_acquire+0xab9/0xd20
[  336.123489][   T31]  ? schedule+0x165/0x360
[  336.134711][   T31]  ? __pfx___schedule+0x10/0x10
[  336.146340][   T31]  ? schedule+0x91/0x360
[  336.156375][   T31]  schedule+0x165/0x360
[  336.166290][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  336.182310][   T31]  schedule_preempt_disabled+0x13/0x30
[  336.194652][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  336.207097][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  336.222686][   T31]  ? blkdev_read_iter+0x2f8/0x440
[  336.233547][   T31]  down_read+0x98/0x2e0
[  336.243485][   T31]  blkdev_read_iter+0x2f8/0x440
[  336.256345][   T31]  do_iter_readv_writev+0x56e/0x7f0
[  336.268475][   T31]  ? __pfx_do_iter_readv_writev+0x10/0x10
[  336.284381][   T31]  ? bpf_lsm_file_permission+0x9/0x20
[  336.296740][   T31]  ? security_file_permission+0x75/0x290
[  336.309254][   T31]  ? rw_verify_area+0x258/0x650
[  336.321058][   T31]  vfs_readv+0x253/0x850
[  336.331302][   T31]  ? __pfx_vfs_readv+0x10/0x10
[  336.344671][   T31]  ? __fget_files+0x2a/0x420
[  336.356466][   T31]  ? __fget_files+0x3a0/0x420
[  336.368424][   T31]  ? __fget_files+0x2a/0x420
[  336.383157][   T31]  __x64_sys_preadv+0x197/0x2a0
[  336.395020][   T31]  ? __pfx___x64_sys_preadv+0x10/0x10
[  336.408512][   T31]  ? rcu_is_watching+0x15/0xb0
[  336.420866][   T31]  ? do_syscall_64+0xbe/0x3b0
[  336.432863][   T31]  do_syscall_64+0xfa/0x3b0
[  336.447617][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  336.457739][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.472121][   T31]  ? clear_bhb_loop+0x60/0xb0
[  336.489142][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.499285][   T31] RIP: 0033:0x7face418e929
[  336.509369][   T31] RSP: 002b:00007face5089038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  336.532383][   T31] RAX: ffffffffffffffda RBX: 00007face43b5fa0 RCX: 00007face418e929
[  336.540452][   T31] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000005
[  336.568999][   T31] RBP: 00007face4210b39 R08: 0000000000000000 R09: 0000000000000000
[  336.602446][   T31] R10: 00000000fffffffc R11: 0000000000000246 R12: 0000000000000000
[  336.610812][   T31] R13: 0000000000000000 R14: 00007face43b5fa0 R15: 00007ffc5f58a258
[  336.636575][   T31]  </TASK>
[  336.643072][   T31] INFO: task syz.2.664:7718 blocked for more than 145 seconds.
[  336.737298][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  336.759200][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  336.778228][   T31] task:syz.2.664       state:D stack:24104 pid:7718  tgid:7718  ppid:5830   task_flags:0x440040 flags:0x00004004
[  336.808459][   T31] Call Trace:
[  336.817532][   T31]  <TASK>
[  336.823923][   T31]  __schedule+0x16f5/0x4d00
[  336.835207][   T31]  ? schedule+0x165/0x360
[  336.844375][   T31]  ? __pfx___schedule+0x10/0x10
[  336.855970][   T31]  ? schedule+0x91/0x360
[  336.865923][   T31]  schedule+0x165/0x360
[  336.875778][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  336.891354][   T31]  schedule_preempt_disabled+0x13/0x30
[  336.906960][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  336.920567][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  336.934639][   T31]  ? page_cache_ra_order+0x445/0xc70
[  336.946798][   T31]  down_read+0x98/0x2e0
[  336.956648][   T31]  page_cache_ra_order+0x445/0xc70
[  336.968627][   T31]  ? maybe_unlock_mmap_for_io+0x225/0x2d0
[  336.982176][   T31]  do_sync_mmap_readahead+0x31a/0x5f0
[  336.995768][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  337.009999][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  337.022122][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  337.034215][   T31]  filemap_fault+0x62a/0x1200
[  337.044594][   T31]  ? __pagetable_ctor+0x253/0x340
[  337.056408][   T31]  ? __pfx_filemap_fault+0x10/0x10
[  337.069480][   T31]  ? rcu_is_watching+0x15/0xb0
[  337.092577][   T31]  ? __raw_spin_lock_init+0x45/0x100
[  337.111037][   T31]  __do_fault+0x138/0x390
[  337.126814][  T982] pwc: recv_control_msg error -71 req 02 val 2400
[  337.142251][   T31]  __handle_mm_fault+0x198b/0x5620
[  337.152765][   T31]  ? __lock_acquire+0xab9/0xd20
[  337.157861][  T982] pwc: recv_control_msg error -71 req 02 val 2600
[  337.172490][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  337.179396][  T982] pwc: recv_control_msg error -71 req 02 val 2900
[  337.189497][   T31]  ? lock_vma_under_rcu+0xf8/0x710
[  337.203296][  T982] pwc: recv_control_msg error -71 req 02 val 2800
[  337.210948][   T31]  ? lock_vma_under_rcu+0xf8/0x710
[  337.223373][  T982] pwc: recv_control_msg error -71 req 04 val 1100
[  337.235874][  T982] pwc: recv_control_msg error -71 req 04 val 1200
[  337.239818][   T31]  ? __pfx_lock_vma_under_rcu+0x10/0x10
[  337.248911][   T31]  handle_mm_fault+0x40a/0x8e0
[  337.256565][  T982] pwc: Registered as video103.
[  337.272271][  T982] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input18
[  337.274612][   T31]  do_user_addr_fault+0xa81/0x1390
[  337.303756][   T31]  ? rcu_is_watching+0x15/0xb0
[  337.312199][   T31]  ? trace_page_fault_user+0x84/0x1e0
[  337.316962][  T982] usb 6-1: USB disconnect, device number 59
[  337.317595][   T31]  exc_page_fault+0x76/0xf0
[  337.334555][   T31]  asm_exc_page_fault+0x26/0x30
[  337.339439][   T31] RIP: 0033:0x7f9bc795667c
[  337.362282][   T31] RSP: 002b:00007ffddfaf6ae8 EFLAGS: 00010246
[  337.368392][   T31] RAX: 0000200000000000 RBX: 0000000000000004 RCX: 8000000000000010
[  337.393587][   T31] RDX: 0000000000000010 RSI: 00007f9bc74001a9 RDI: 0000200000000000
[  337.412274][   T31] RBP: 00007f9bc7bb7ba0 R08: 00007f9bc7800000 R09: 0000000000000001
[  337.420287][   T31] R10: 0000000000000001 R11: 0000000000000009 R12: 00007f9bc7bb632c
[  337.452470][   T31] R13: 00007f9bc7bb6320 R14: fffffffffffffffe R15: 00007ffddfaf6c00
[  337.460503][   T31]  </TASK>
[  337.472087][   T31] INFO: task syz.2.664:7722 blocked for more than 145 seconds.
[  337.479662][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  337.502186][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  337.510896][   T31] task:syz.2.664       state:D stack:24472 pid:7722  tgid:7718  ppid:5830   task_flags:0x440040 flags:0x00004004
[  337.542989][   T31] Call Trace:
[  337.550451][   T31]  <TASK>
[  337.553707][   T31]  __schedule+0x16f5/0x4d00
[  337.558260][   T31]  ? schedule+0x165/0x360
[  337.572265][   T31]  ? __pfx___schedule+0x10/0x10
[  337.577215][   T31]  ? schedule+0x91/0x360
[  337.581487][   T31]  schedule+0x165/0x360
[  337.602106][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  337.609802][   T31]  schedule_preempt_disabled+0x13/0x30
[  337.622114][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  337.627713][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  337.653066][   T31]  ? page_cache_ra_order+0x445/0xc70
[  337.658430][   T31]  down_read+0x98/0x2e0
[  337.672172][   T31]  page_cache_ra_order+0x445/0xc70
[  337.677366][   T31]  ? maybe_unlock_mmap_for_io+0x16a/0x2d0
[  337.692099][   T31]  do_sync_mmap_readahead+0x4b5/0x5f0
[  337.697534][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  337.722155][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  337.727501][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  337.742224][   T31]  filemap_fault+0x62a/0x1200
[  337.746967][   T31]  ? __pfx_filemap_fault+0x10/0x10
[  337.762166][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[  337.767698][   T31]  ? __handle_mm_fault+0x296f/0x5620
[  337.782106][   T31]  __do_fault+0x138/0x390
[  337.786491][   T31]  __handle_mm_fault+0x37ed/0x5620
[  337.791642][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  337.812128][   T31]  ? find_vma+0xe7/0x160
[  337.816434][   T31]  ? __pfx_find_vma+0x10/0x10
[  337.821133][   T31]  handle_mm_fault+0x40a/0x8e0
[  337.827752][   T31]  do_user_addr_fault+0x764/0x1390
[  337.836630][   T31]  exc_page_fault+0x76/0xf0
[  337.843014][   T31]  asm_exc_page_fault+0x26/0x30
[  337.848219][   T31] RIP: 0010:rep_movs_alternative+0x30/0x90
[  337.857833][   T31] Code: 83 f9 08 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 <48> 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08
[  337.885129][   T31] RSP: 0018:ffffc9001997fa18 EFLAGS: 00050206
[  337.891316][   T31] RAX: 00007ffffffff001 RBX: 0000000000000038 RCX: 0000000000000038
[  337.921573][   T31] RDX: 0000000000000001 RSI: 0000200000026000 RDI: ffffc9001997faa0
[  337.929937][   T31] RBP: ffffc9001997fc30 R08: ffffc9001997fad7 R09: 1ffff9200332ff5a
[  337.938600][   T31] R10: dffffc0000000000 R11: fffff5200332ff5b R12: 0000000000000002
[  337.947251][   T31] R13: dffffc0000000000 R14: ffffc9001997faa0 R15: 0000200000026000
[  337.959614][   T31]  _copy_from_user+0x7a/0xb0
[  337.967416][   T31]  ___sys_recvmsg+0x12e/0x510
[  337.977169][   T31]  ? trace_irq_disable+0x37/0x110
[  337.986784][   T31]  ? __pfx____sys_recvmsg+0x10/0x10
[  337.992567][   T31]  ? __might_fault+0xb0/0x130
[  337.997411][   T31]  do_recvmmsg+0x307/0x770
[  338.001937][   T31]  ? __pfx_do_recvmmsg+0x10/0x10
[  338.008942][   T31]  ? count_memcg_event_mm+0x21/0x260
[  338.017153][   T31]  ? count_memcg_event_mm+0x21/0x260
[  338.032976][   T31]  __x64_sys_recvmmsg+0x190/0x240
[  338.039067][   T31]  ? __pfx___x64_sys_recvmmsg+0x10/0x10
[  338.045481][   T31]  ? do_syscall_64+0xbe/0x3b0
[  338.050286][   T31]  do_syscall_64+0xfa/0x3b0
[  338.062186][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.078755][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.097909][   T31]  ? clear_bhb_loop+0x60/0xb0
[  338.102731][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.108666][   T31] RIP: 0033:0x7f9bc798e929
[  338.130419][   T31] RSP: 002b:00007f9bc8778038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b
[  338.161413][   T31] RAX: ffffffffffffffda RBX: 00007f9bc7bb6160 RCX: 00007f9bc798e929
[  338.172559][   T31] RDX: 0000000000010106 RSI: 00002000000000c0 RDI: 0000000000000004
[  338.192138][   T31] RBP: 00007f9bc7a10b39 R08: 0000000000000000 R09: 0000000000000000
[  338.200167][   T31] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000
[  338.222242][   T31] R13: 0000000000000001 R14: 00007f9bc7bb6160 R15: 00007ffddfaf6988
[  338.230290][   T31]  </TASK>
[  338.242264][   T31] INFO: task syz.2.664:7723 blocked for more than 146 seconds.
[  338.250127][   T31]       Not tainted 6.16.0-rc3-syzkaller #0
[  338.311494][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  338.342118][   T31] task:syz.2.664       state:D stack:24104 pid:7723  tgid:7718  ppid:5830   task_flags:0x440040 flags:0x00004004
[  338.362107][   T31] Call Trace:
[  338.365471][   T31]  <TASK>
[  338.368462][   T31]  __schedule+0x16f5/0x4d00
[  338.382467][   T31]  ? schedule+0x165/0x360
[  338.386858][   T31]  ? __pfx___schedule+0x10/0x10
[  338.391756][   T31]  ? schedule+0x91/0x360
[  338.412401][   T31]  schedule+0x165/0x360
[  338.416638][   T31]  ? rwsem_down_read_slowpath+0x568/0x880
[  338.432185][   T31]  schedule_preempt_disabled+0x13/0x30
[  338.442778][   T31]  rwsem_down_read_slowpath+0x552/0x880
[  338.448381][   T31]  ? __pfx_rwsem_down_read_slowpath+0x10/0x10
[  338.482316][   T31]  ? page_cache_ra_order+0x445/0xc70
[  338.487690][   T31]  down_read+0x98/0x2e0
[  338.491917][   T31]  page_cache_ra_order+0x445/0xc70
[  338.512090][   T31]  ? maybe_unlock_mmap_for_io+0x16a/0x2d0
[  338.517884][   T31]  do_sync_mmap_readahead+0x31a/0x5f0
[  338.532078][   T31]  ? __pfx_do_sync_mmap_readahead+0x10/0x10
[  338.539012][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  338.552390][   T31]  ? count_memcg_event_mm+0x1d/0x250
[  338.557745][   T31]  filemap_fault+0x62a/0x1200
[  338.573232][   T31]  ? __pfx_filemap_fault+0x10/0x10
[  338.578791][   T31]  ? __pfx_filemap_map_pages+0x10/0x10
[  338.592349][   T31]  ? __handle_mm_fault+0x296f/0x5620
[  338.597684][   T31]  __do_fault+0x138/0x390
[  338.612124][   T31]  __handle_mm_fault+0x37ed/0x5620
[  338.617300][   T31]  ? __pfx___handle_mm_fault+0x10/0x10
[  338.642142][   T31]  ? __pfx___might_resched+0x10/0x10
[  338.647487][   T31]  handle_mm_fault+0x40a/0x8e0
[  338.662131][   T31]  __get_user_pages+0x1af4/0x30b0
[  338.667219][   T31]  ? mt_find+0x15c/0x5f0
[  338.671499][   T31]  ? __pfx___get_user_pages+0x10/0x10
[  338.692110][   T31]  populate_vma_page_range+0x26b/0x340
[  338.697634][   T31]  ? __pfx_populate_vma_page_range+0x10/0x10
[  338.712390][   T31]  ? apply_vma_lock_flags+0x344/0x3c0
[  338.717820][   T31]  ? down_read+0x1ad/0x2e0
[  338.732496][   T31]  __mm_populate+0x24c/0x380
[  338.737128][   T31]  ? __pfx___mm_populate+0x10/0x10
[  338.752464][   T31]  ? up_write+0x1c4/0x420
[  338.757048][   T31]  do_mlock+0x625/0x740
[  338.761240][   T31]  ? __pfx_do_mlock+0x10/0x10
[  338.782111][   T31]  ? rcu_is_watching+0x15/0xb0
[  338.786948][   T31]  __x64_sys_mlock+0x60/0x70
[  338.791562][   T31]  do_syscall_64+0xfa/0x3b0
[  338.812216][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  338.817680][   T31]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.832974][   T31]  ? clear_bhb_loop+0x60/0xb0
[  338.837714][   T31]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  338.862187][   T31] RIP: 0033:0x7f9bc798e929
[  338.866669][   T31] RSP: 002b:00007f9bc8757038 EFLAGS: 00000246 ORIG_RAX: 0000000000000095
[  338.882116][   T31] RAX: ffffffffffffffda RBX: 00007f9bc7bb6240 RCX: 00007f9bc798e929
[  338.892298][   T31] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000200000000000
[  338.900307][   T31] RBP: 00007f9bc7a10b39 R08: 0000000000000000 R09: 0000000000000000
[  338.932078][   T31] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  338.952096][   T31] R13: 0000000000000000 R14: 00007f9bc7bb6240 R15: 00007ffddfaf6988
[  338.960140][   T31]  </TASK>
[  338.973848][   T31] 
[  338.973848][   T31] Showing all locks held in the system:
[  338.981625][   T31] 1 lock held by khungtaskd/31:
[  339.054333][   T31]  #0: ffffffff8e33ee60 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  339.082144][   T31] 3 locks held by kworker/0:2/982:
[  339.087384][   T31]  #0: ffff888144a91948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  339.122114][   T31]  #1: ffffc9000399fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  339.152176][   T31]  #2: ffff888028640198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  339.161177][   T31] 3 locks held by kworker/u8:6/3450:
[  339.172086][   T31]  #0: ffff888057b3a948 ((wq_completion)loop6){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  339.190153][   T31]  #1: ffffc9000c72fbc0 ((work_completion)(&lo->rootcg_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  339.209989][   T31]  #2: ffff888148cf9ea0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[  339.221549][   T31] 1 lock held by udevd/5202:
[  339.238441][   T31] 2 locks held by getty/5597:
[  339.246854][   T31]  #0: ffff888030c240a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  339.269820][   T31]  #1: ffffc90002fee2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  339.282164][   T31] 1 lock held by udevd/6011:
[  339.286829][   T31]  #0: ffff8880231f1ea0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[  339.305012][   T31] 3 locks held by syz.3.456/7132:
[  339.310076][   T31] 1 lock held by syz.4.618/7597:
[  339.320728][   T31]  #0: ffff888148cf9ea0 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[  339.339804][   T31] 1 lock held by syz.2.664/7718:
[  339.349275][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.368269][   T31] 1 lock held by syz.2.664/7722:
[  339.378530][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.400415][   T31] 1 lock held by syz.2.664/7723:
[  339.405696][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.423076][   T31] 2 locks held by syz.6.767/8038:
[  339.428135][   T31]  #0: ffff888148c01320 (&sb->s_type->i_mutex_key#8){++++}-{4:4}, at: blkdev_read_iter+0x2f8/0x440
[  339.450948][   T31]  #1: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.473213][   T31] 1 lock held by syz.0.771/8050:
[  339.478198][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.503447][   T31] 1 lock held by syz.1.816/8191:
[  339.508434][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.527406][   T31] 1 lock held by syz.1.816/8194:
[  339.535518][   T31]  #0: ffff888148cfa040 (mapping.invalidate_lock){++++}-{4:4}, at: page_cache_ra_order+0x445/0xc70
[  339.558498][   T31] 
[  339.560878][   T31] =============================================
[  339.560878][   T31] 
[  339.699930][   T31] NMI backtrace for cpu 1
[  339.699948][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  339.699969][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.699980][   T31] Call Trace:
[  339.699988][   T31]  <TASK>
[  339.699995][   T31]  dump_stack_lvl+0x189/0x250
[  339.700019][   T31]  ? __wake_up_klogd+0xd9/0x110
[  339.700044][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  339.700064][   T31]  ? __pfx__printk+0x10/0x10
[  339.700094][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  339.700119][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  339.700138][   T31]  ? _printk+0xcf/0x120
[  339.700160][   T31]  ? __pfx__printk+0x10/0x10
[  339.700181][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  339.700208][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  339.700233][   T31]  watchdog+0xfee/0x1030
[  339.700251][   T31]  ? watchdog+0x1de/0x1030
[  339.700275][   T31]  kthread+0x70e/0x8a0
[  339.700300][   T31]  ? __pfx_watchdog+0x10/0x10
[  339.700316][   T31]  ? __pfx_kthread+0x10/0x10
[  339.700339][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  339.700361][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.700383][   T31]  ? __pfx_kthread+0x10/0x10
[  339.700406][   T31]  ret_from_fork+0x3fc/0x770
[  339.700426][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  339.700449][   T31]  ? __switch_to_asm+0x39/0x70
[  339.700468][   T31]  ? __switch_to_asm+0x33/0x70
[  339.700487][   T31]  ? __pfx_kthread+0x10/0x10
[  339.700509][   T31]  ret_from_fork_asm+0x1a/0x30
[  339.700544][   T31]  </TASK>
[  339.700551][   T31] Sending NMI from CPU 1 to CPUs 0:
[  339.859895][    C0] NMI backtrace for cpu 0
[  339.859911][    C0] CPU: 0 UID: 0 PID: 5136 Comm: kworker/u8:8 Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  339.859931][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  339.859942][    C0] Workqueue: events_unbound cfg80211_wiphy_work
[  339.859964][    C0] RIP: 0010:unwind_next_frame+0x374/0x2390
[  339.859985][    C0] Code: ea 48 01 d2 48 01 f2 48 bd 00 00 00 00 00 fc ff df 0f 84 37 01 00 00 4c 8d 62 04 4c 8d 6a 05 4c 89 e0 48 c1 e8 03 0f b6 04 28 <84> c0 0f 85 6d 19 00 00 4c 89 e8 48 c1 e8 03 0f b6 04 28 84 c0 0f
[  339.860000][    C0] RSP: 0018:ffffc9000fe4ea78 EFLAGS: 00000a03
[  339.860013][    C0] RAX: 0000000000000000 RBX: ffffffff8fded14c RCX: ffffffff8fded154
[  339.860025][    C0] RDX: ffffffff905f38b0 RSI: ffffffff905f38b0 RDI: ffffffff8be41860
[  339.860037][    C0] RBP: dffffc0000000000 R08: 000000000000000d R09: ffffffff8172caf5
[  339.860049][    C0] R10: ffffc9000fe4eb98 R11: ffffffff81ad26a0 R12: ffffffff905f38b4
[  339.860061][    C0] R13: ffffffff905f38b5 R14: ffffc9000fe4eb48 R15: ffffffff8fded150
[  339.860074][    C0] FS:  0000000000000000(0000) GS:ffff888125a1c000(0000) knlGS:0000000000000000
[  339.860087][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  339.860099][    C0] CR2: 00007fcd74b81178 CR3: 000000007e8b2000 CR4: 00000000003526f0
[  339.860113][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  339.860123][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  339.860134][    C0] Call Trace:
[  339.860140][    C0]  <TASK>
[  339.860150][    C0]  ? unwind_next_frame+0xa5/0x2390
[  339.860168][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  339.860188][    C0]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  339.860209][    C0]  arch_stack_walk+0x11c/0x150
[  339.860231][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  339.860250][    C0]  stack_trace_save+0x9c/0xe0
[  339.860270][    C0]  ? __pfx_stack_trace_save+0x10/0x10
[  339.860295][    C0]  kasan_save_track+0x3e/0x80
[  339.860310][    C0]  ? kasan_save_track+0x3e/0x80
[  339.860325][    C0]  ? __kasan_kmalloc+0x93/0xb0
[  339.860361][    C0]  ? __lock_acquire+0xab9/0xd20
[  339.860376][    C0]  ? cfg80211_inform_single_bss_data+0x905/0x1ac0
[  339.860401][    C0]  __kasan_kmalloc+0x93/0xb0
[  339.860420][    C0]  __kmalloc_noprof+0x27a/0x4f0
[  339.860438][    C0]  ? cfg80211_inform_single_bss_data+0x905/0x1ac0
[  339.860464][    C0]  cfg80211_inform_single_bss_data+0x905/0x1ac0
[  339.860491][    C0]  ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10
[  339.860526][    C0]  ? cfg80211_inform_bss_data+0x1e8/0x3b20
[  339.860551][    C0]  cfg80211_inform_bss_data+0x1fb/0x3b20
[  339.860585][    C0]  ? __pfx_cfg80211_inform_bss_data+0x10/0x10
[  339.860626][    C0]  ? __pfx__ieee802_11_parse_elems_full+0x10/0x10
[  339.860642][    C0]  ? __lock_acquire+0xab9/0xd20
[  339.860667][    C0]  cfg80211_inform_bss_frame_data+0x3d7/0x730
[  339.860692][    C0]  ? ieee80211_bss_info_update+0x2dc/0x9e0
[  339.860717][    C0]  ieee80211_bss_info_update+0x746/0x9e0
[  339.860740][    C0]  ? __pfx_ieee80211_bss_info_update+0x10/0x10
[  339.860761][    C0]  ? sta_info_get+0x4f/0x2a0
[  339.860780][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xf93/0x2ae0
[  339.860805][    C0]  ieee80211_ibss_rx_queued_mgmt+0xa36/0x2ae0
[  339.860834][    C0]  ? ieee80211_ibss_rx_queued_mgmt+0xf93/0x2ae0
[  339.860855][    C0]  ? __pfx_ieee80211_ibss_rx_queued_mgmt+0x10/0x10
[  339.860881][    C0]  ? __lock_acquire+0xab9/0xd20
[  339.860910][    C0]  ieee80211_iface_work+0x806/0xfe0
[  339.860937][    C0]  cfg80211_wiphy_work+0x2df/0x460
[  339.860953][    C0]  ? process_scheduled_works+0x9ef/0x17b0
[  339.860972][    C0]  process_scheduled_works+0xae1/0x17b0
[  339.861001][    C0]  ? __pfx_process_scheduled_works+0x10/0x10
[  339.861025][    C0]  worker_thread+0x8a0/0xda0
[  339.861043][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  339.861068][    C0]  ? __kthread_parkme+0x7b/0x200
[  339.861089][    C0]  kthread+0x70e/0x8a0
[  339.861110][    C0]  ? __pfx_worker_thread+0x10/0x10
[  339.861127][    C0]  ? __pfx_kthread+0x10/0x10
[  339.861147][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  339.861167][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  339.861189][    C0]  ? __pfx_kthread+0x10/0x10
[  339.861209][    C0]  ret_from_fork+0x3fc/0x770
[  339.861226][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  339.861244][    C0]  ? __switch_to_asm+0x39/0x70
[  339.861263][    C0]  ? __switch_to_asm+0x33/0x70
[  339.861281][    C0]  ? __pfx_kthread+0x10/0x10
[  339.861301][    C0]  ret_from_fork_asm+0x1a/0x30
[  339.861327][    C0]  </TASK>
[  340.047766][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  340.047788][   T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc3-syzkaller #0 PREEMPT(full) 
[  340.047817][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  340.047829][   T31] Call Trace:
[  340.047838][   T31]  <TASK>
[  340.047846][   T31]  dump_stack_lvl+0x99/0x250
[  340.047870][   T31]  ? __asan_memcpy+0x40/0x70
[  340.047890][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  340.047909][   T31]  ? __pfx__printk+0x10/0x10
[  340.047939][   T31]  panic+0x2db/0x790
[  340.047960][   T31]  ? __pfx_panic+0x10/0x10
[  340.047975][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  340.048000][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  340.048025][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  340.048054][   T31]  watchdog+0x102d/0x1030
[  340.048074][   T31]  ? watchdog+0x1de/0x1030
[  340.048097][   T31]  kthread+0x70e/0x8a0
[  340.048122][   T31]  ? __pfx_watchdog+0x10/0x10
[  340.048138][   T31]  ? __pfx_kthread+0x10/0x10
[  340.048160][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  340.048183][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  340.048205][   T31]  ? __pfx_kthread+0x10/0x10
[  340.048227][   T31]  ret_from_fork+0x3fc/0x770
[  340.048248][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  340.048271][   T31]  ? __switch_to_asm+0x39/0x70
[  340.048290][   T31]  ? __switch_to_asm+0x33/0x70
[  340.048310][   T31]  ? __pfx_kthread+0x10/0x10
[  340.048332][   T31]  ret_from_fork_asm+0x1a/0x30
[  340.048366][   T31]  </TASK>
[  340.434932][   T31] Kernel Offset: disabled
[  340.439243][   T31] Rebooting in 86400 seconds..